2014-05-23  Dana Burkart  <dburkart@apple.com>

        Merge r167832

    2014-04-25  Oliver Hunt  <oliver@apple.com>

            Need earlier cell test
            https://bugs.webkit.org/show_bug.cgi?id=132211

            Reviewed by Mark Lam.

            Move cell test to before the function call repatch
            location, as the repatch logic for 32bit assumes that the
            caller will already have performed a cell check.

            * jit/JITCall32_64.cpp:
            (JSC::JIT::compileOpCall):

2014-05-22  Dana Burkart  <dburkart@apple.com>

        Merge r165162

    2014-03-05  Mark Lam  <mark.lam@apple.com>

            llint_slow_path_check_has_instance() should not adjust PC before accessing operands.
            <https://webkit.org/b/129768>

            Reviewed by Mark Hahnenberg.

            When evaluating "a instanceof b" where b is an object that ImplementsHasInstance
            and OverridesHasInstance (e.g. a bound function), the LLINT will take the slow
            path llint_slow_path_check_has_instance(), and execute a code path that does the
            following:
            1. Adjusts the byte code PC to the jump target PC.
            2. For the purpose of storing the result, get the result registerIndex from the
               1st operand using the PC as if the PC is still pointing to op_check_has_instance
               bytecode.

            The result is that whatever value resides after where the jump target PC is will
            be used as a result register value.  Depending on what that value is, the result
            can be:
            1. the code coincidently works correctly
            2. memory corruption
            3. crashes

            The fix is to only adjust the byte code PC after we have stored the result.
            
            * llint/LLIntSlowPaths.cpp:
            (llint_slow_path_check_has_instance):

2014-05-02  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r167336.

    2014-04-15  Filip Pizlo  <fpizlo@apple.com>
    
            compileMakeRope does not emit necessary bounds checks
            https://bugs.webkit.org/show_bug.cgi?id=130684
            <rdar://problem/16398388>
    
            Reviewed by Oliver Hunt.
            
            Add string length bounds checks in a bunch of places. We should never allow a string
            to have a length greater than 2^31-1 because it's not clear that the language has
            semantics for it and because there is code that assumes that this cannot happen.
            
            Also add a bunch of tests to that effect to cover the various ways in which this was
            previously allowed to happen.
    
            * dfg/DFGOperations.cpp:
            * dfg/DFGSpeculativeJIT.cpp:
            (JSC::DFG::SpeculativeJIT::compileMakeRope):
            * ftl/FTLLowerDFGToLLVM.cpp:
            (JSC::FTL::LowerDFGToLLVM::compileMakeRope):
            * runtime/JSString.cpp:
            (JSC::JSRopeString::RopeBuilder::expand):
            * runtime/JSString.h:
            (JSC::JSString::create):
            (JSC::JSRopeString::RopeBuilder::append):
            (JSC::JSRopeString::RopeBuilder::release):
            (JSC::JSRopeString::append):
            * runtime/Operations.h:
            (JSC::jsString):
            (JSC::jsStringFromRegisterArray):
            (JSC::jsStringFromArguments):
            * runtime/StringPrototype.cpp:
            (JSC::stringProtoFuncIndexOf):
            (JSC::stringProtoFuncSlice):
            (JSC::stringProtoFuncSubstring):
            (JSC::stringProtoFuncToLowerCase):
            * tests/stress/make-large-string-jit-strcat.js: Added.
            (foo):
            * tests/stress/make-large-string-jit.js: Added.
            (foo):
            * tests/stress/make-large-string-strcat.js: Added.
            * tests/stress/make-large-string.js: Added.
    
2013-10-21  Lucas Forschler  <lforschler@apple.com>

        Merge r154217

    2013-08-16  Filip Pizlo  <fpizlo@apple.com>

            DFG optimizes out strict mode arguments tear off
            https://bugs.webkit.org/show_bug.cgi?id=119504

            Reviewed by Mark Hahnenberg and Oliver Hunt.

            Don't do the optimization for strict mode.

            * dfg/DFGArgumentsSimplificationPhase.cpp:
            (JSC::DFG::ArgumentsSimplificationPhase::run):
            (JSC::DFG::ArgumentsSimplificationPhase::pruneObviousArgumentCreations):

2013-09-06  Filip Pizlo  <fpizlo@apple.com>

        jsc shell should destroy VM as a workaround for LLVM's exit-time destructors
        https://bugs.webkit.org/show_bug.cgi?id=120921

        Reviewed by Oliver Hunt.
        
        LLVM's exit-time destructors will fire when we exit. If there is an on-going
        FTL compile at exit, which will happen if the VM that triggered the compile
        isn't shut down, then we will crash.
        
        We should get rid of LLVM's exit-time destructors. But before we do that, we
        should just do a clean VM shutdown to suppress spurious crashes. This will
        help in expanding LLVM coverage for now.

        * jsc.cpp:
        (jscmain):

2013-09-04  Dean Jackson  <dino@apple.com>

        <rdar://problem/14910916> Disable CSS_SHAPES on safari-537-branch

        Reviewed by Beth Dakin.

        * Configurations/FeatureDefines.xcconfig:

2013-08-27  Lucas Forschler  <lforschler@apple.com>

        Merge r154633

    2013-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>

            JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possible reallocing it
            https://bugs.webkit.org/show_bug.cgi?id=120278

            Reviewed by Geoffrey Garen.

            * runtime/JSObject.cpp:
            (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):

2013-08-08  Lucas Forschler  <lforschler@apple.com>

        Merge r153819

    2013-08-08  Stephanie Lewis  <slewis@apple.com>

            <rdar://problem/14680524> REGRESSION(153806): Crash @ yahoo.com when WebKit is built with a .order file

            Unreviewed.

            Ensure llint symbols are in source order.

            * JavaScriptCore.order:


2013-08-07  Lucas Forschler  <lforschler@apple.com>

        Merge r153775

    2013-08-06  Stephanie Lewis  <slewis@apple.com>

            Update Order Files for Safari
            <rdar://problem/14517392>

            Unreviewed.

            * JavaScriptCore.order:

2013-08-07  Lucas Forschler  <lforschler@apple.com>

        Merge patch from <rdar://problem/14655517>.
        
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

2013-08-07  Lucas Forschler  <lforschler@apple.com>

        Merge r153793

    2013-08-07  Mark Hahnenberg  <mhahnenberg@apple.com>

            32-bit code gen for TypeOf doesn't properly update the AbstractInterpreter state
            https://bugs.webkit.org/show_bug.cgi?id=119555

            Reviewed by Geoffrey Garen.

            It uses a speculationCheck where it should be using a DFG_TYPE_CHECK like the 64-bit backend does.
            This was causing crashes on maps.google.com in 32-bit debug builds.

            * dfg/DFGSpeculativeJIT32_64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):

2013-08-07  Lucas Forschler  <lforschler@apple.com>

        Merge r153374

    2013-07-19  Mark Hahnenberg  <mhahnenberg@apple.com>

            Setting a large numeric property on an object causes it to allocate a huge backing store
            https://bugs.webkit.org/show_bug.cgi?id=118914

            Reviewed by Geoffrey Garen.

            There are two distinct actions that we're trying to optimize for:

            new Array(100000);

            and:

            a = [];
            a[100000] = 42;

            In the first case, the programmer has indicated that they expect this Array to be very big, 
            so they should get a contiguous array up until some threshold, above which we perform density 
            calculations to see if it is indeed dense enough to warrant being contiguous.

            In the second case, the programmer hasn't indicated anything about the size of the Array, so 
            we should be more conservative and assume it should be sparse until we've proven otherwise.

            Currently both of those cases are handled by MIN_SPARSE_ARRAY_INDEX. We should distinguish 
            between them for the purposes of not over-allocating large backing stores like we see on 
            http://www.peekanalytics.com/burgerjoints/

            The way that we'll do this is to keep the MIN_SPARSE_ARRAY_INDEX for the first case, and 
            introduce a new heuristic for the second case. If we are putting to an index above a certain 
            threshold (say, 1000) and it is beyond the length of the array, then we will use a sparse 
            map instead. So for example, in the second case above the empty array has a blank indexing 
            type and a length of 0. We put-by-val to an index > 1000 and > a.length, so we'll use a sparse map.

            This fix is ~800x speedup on the accompanying regression test :-o

            * runtime/ArrayConventions.h:
            (JSC::indexIsSufficientlyBeyondLengthForSparseMap):
            * runtime/JSObject.cpp:
            (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
            (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
            (JSC::JSObject::putByIndexBeyondVectorLength):
            (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):

2013-08-01  Lucas Forschler  <lforschler@apple.com>

        Merge r153615

    2013-08-01  Oliver Hunt  <oliver@apple.com>

            DFG is not enforcing correct ordering of ToString conversion in MakeRope
            https://bugs.webkit.org/show_bug.cgi?id=119408

            Reviewed by Filip Pizlo.

            Construct ToString and Phantom nodes in advance of MakeRope
            nodes to ensure that ordering is ensured, and correct values
            will be reified on OSR exit.

            * dfg/DFGByteCodeParser.cpp:
            (JSC::DFG::ByteCodeParser::parseBlock):

2013-08-01  Mark Hahnenberg  <mhahnenberg@apple.com>

        GetByVal on Arguments does the wrong size load when checking the Arguments object length
        https://bugs.webkit.org/show_bug.cgi?id=119281

        Reviewed by Geoffrey Garen.

        This leads to out of bounds accesses and subsequent crashes.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-07-29  Lucas Forschler  <lforschler@apple.com>

        Merge r153071

    2013-07-23  Mark Lam  <mark.lam@apple.com>

            Removed unused sourceOffset from JSTokenLocation.
            https://bugs.webkit.org/show_bug.cgi?id=118996.

            Reviewed by Geoffrey Garen.

            This also removes the assertion reported in the bug because it is now
            moot, thereby resolving the assertion failure issue on Windows.

            * bytecompiler/NodesCodegen.cpp:
            (JSC::ArrayNode::toArgumentList):
            (JSC::ApplyFunctionCallDotNode::emitBytecode):
            * parser/Lexer.cpp:
            (JSC::::lex):
            * parser/Lexer.h:
            (JSC::::lexExpectIdentifier):
            * parser/Nodes.h:
            * parser/Parser.cpp:
            (JSC::::Parser):
            (JSC::::parseFunctionInfo):
            (JSC::::parseExpressionOrLabelStatement):
            (JSC::::parseMemberExpression):
            * parser/Parser.h:
            (JSC::::parse):
            * parser/ParserTokens.h:
            (JSC::JSTokenLocation::JSTokenLocation):

2013-07-29  Lucas Forschler  <lforschler@apple.com>

        Merge r153410

    2013-07-28  Oliver Hunt  <oliver@apple.com>

        REGRESSION: Crash when opening Facebook.com
        https://bugs.webkit.org/show_bug.cgi?id=119155

        Reviewed by Andreas Kling.

        Scope nodes are always objects, so we should be using SpecObjectOther
        rather than SpecCellOther.  Marking Scopes as CellOther leads to a
        contradiction in the CFA, resulting in bogus codegen.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::executeEffects):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):

2013-07-24  Lucas Forschler  <lforschler@apple.com>

        Merge r153075

    2013-07-23  Filip Pizlo  <fpizlo@apple.com>

            DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
            https://bugs.webkit.org/show_bug.cgi?id=119032

            Reviewed by Oliver Hunt.

            It just needs some Phantom action.

            * dfg/DFGFixupPhase.cpp:
            (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):

2013-07-22  Lucas Forschler  <lforschler@apple.com>

        Merge r152882

    2013-07-18  Andreas Kling  <akling@apple.com>

            CodeBlock DFG entry list isn't getting shrunk-to-fit after linking.
            <http://webkit.org/b/118875>
            <rdar://problem/14488577>

            Reviewed by Geoffrey Garen.

            Move the CodeBlock::shrinkToFit() call out of JITCompiler::link() and to the call sites
            so SpeculativeJIT::linkOSREntries() can fill in CodeBlock::m_dfgData->osrEntry first.

            886 kB progression on <http://twitter.com/awesomekling>

            * dfg/DFGJITCompiler.cpp:
            (JSC::DFG::JITCompiler::link):
            (JSC::DFG::JITCompiler::compile):
            (JSC::DFG::JITCompiler::compileFunction):

2013-07-22  Lucas Forschler  <lforschler@apple.com>

        Merge r152868

    2013-07-18  Filip Pizlo  <fpizlo@apple.com>

            LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile
            https://bugs.webkit.org/show_bug.cgi?id=118865

            Reviewed by Mark Hahnenberg.

            * llint/LowLevelInterpreter64.asm:

2013-07-22  Lucas Forschler  <lforschler@apple.com>

        Merge r152848

    2013-07-18  Andreas Kling  <akling@apple.com>

            CodeBlock::m_argumentValueProfiles wastes a lot of memory.
            <http://webkit.org/b/118852>
            <rdar://problem/14481659>

            Reviewed by Anders Carlsson.

            Use Vector::resizeToFit() for CodeBlock::m_argumentValueProfiles. We don't need any padding
            for growth, since we won't be appending to it anyway.

            921 KB progression on <http://twitter.com/awesomekling>

            * bytecode/CodeBlock.cpp:
            (JSC::CodeBlock::setNumParameters):

2013-07-22  Lucas Forschler  <lforschler@apple.com>

        Merge r152737

    2013-07-16  Mark Hahnenberg  <mhahnenberg@apple.com>

            Remove reference to JSValueStructSupport.h from JSExport.h
            https://bugs.webkit.org/show_bug.cgi?id=118746

            Reviewed by Filip Pizlo.

            * API/JSExport.h: No such header exists, so it doesn't make sense to reference it.

2013-07-22  Lucas Forschler  <lforschler@apple.com>

        Merge r152600

    2013-07-12  Brent Fulgham  <bfulgham@apple.com>

            [Windows] Build correction after r152573/r152577.
            https://bugs.webkit.org/show_bug.cgi?id=118610

            Reviewed by Oliver Hunt.

            * jit/JITThunks.cpp:
            (JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second
            argument of the make_pair to be a function pointer.

2013-07-19  Lucas Forschler  <lforschler@apple.com>

        Merge r152818

    2013-07-17  Filip Pizlo  <fpizlo@apple.com>

            Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813

            * dfg/DFGSpeculativeJIT.cpp:
            (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
            * dfg/DFGSpeculativeJIT32_64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):

2013-07-19  Lucas Forschler  <lforschler@apple.com>

        Merge r152813

    2013-07-17  Filip Pizlo  <fpizlo@apple.com>

            DFG assumes that NewFunction will never pass its input through
            https://bugs.webkit.org/show_bug.cgi?id=118798

            Reviewed by Sam Weinig.

            Previously the DFG was assuming that NewFunction always returns a function. That's not
            the case. It may return whatever was passed to it, if it wasn't passed SpecEmpty.

            This fact needed to be wired through the compiler.

            * dfg/DFGAbstractState.cpp:
            (JSC::DFG::AbstractState::executeEffects):
            * dfg/DFGAbstractValue.h:
            (JSC::DFG::AbstractValue::makeTop):
            * dfg/DFGGraph.cpp:
            (JSC::DFG::Graph::dump):
            * dfg/DFGOperations.cpp:
            * dfg/DFGOperations.h:
            * dfg/DFGPredictionPropagationPhase.cpp:
            (JSC::DFG::PredictionPropagationPhase::propagate):
            * dfg/DFGSpeculativeJIT.h:
            (JSC::DFG::SpeculativeJIT::callOperation):
            * dfg/DFGSpeculativeJIT32_64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):
            * dfg/DFGSpeculativeJIT64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):

2013-07-18  Lucas Forschler  <lforschler@apple.com>

        Merge r152807

    2013-07-17  Geoffrey Garen  <ggaren@apple.com>

            JSStringCreateWithCFString should not convert the empty string into the NULL string
            https://bugs.webkit.org/show_bug.cgi?id=118816

            Reviewed by Sam Weinig.

            * API/JSStringRef.cpp:
            (JSStringCreateWithUTF8CString): Removed an extraneous comment, which
            a previous version of the patch made incorrect.

            * API/JSStringRefCF.cpp:
            (JSStringCreateWithCFString): Don't convert the empty string into the
            null string.

2013-07-17  Lucas Forschler  <lforschler@apple.com>

        Rollout r152600

2013-07-17  Lucas Forschler  <lforschler@apple.com>

        Merge r152600

    2013-07-12  Brent Fulgham  <bfulgham@apple.com>

            [Windows] Build correction after r152573/r152577.
            https://bugs.webkit.org/show_bug.cgi?id=118610

            Reviewed by Oliver Hunt.

            * jit/JITThunks.cpp:
            (JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second
            argument of the make_pair to be a function pointer.

2013-07-17  Lucas Forschler  <lforschler@apple.com>

        Merge r152742

    2013-07-16  Filip Pizlo  <fpizlo@apple.com>

            MakeRope fixup shouldn't lead to an Identity without kids
            https://bugs.webkit.org/show_bug.cgi?id=118745

            Reviewed by Mark Hahnenberg.

            Make the empty string pruning part of fixupMakeRope() stop if it's on the last child.

            Make Node::convertToIdentity release-assert that it has exactly one kid.

            * dfg/DFGFixupPhase.cpp:
            (JSC::DFG::FixupPhase::fixupMakeRope):
            * dfg/DFGNode.h:
            (JSC::DFG::Node::convertToIdentity):

2013-07-15  Lucas Forschler  <lforschler@apple.com>

        Merge r152613

    2013-07-13  Commit Queue  <commit-queue@webkit.org>

            Unreviewed, rolling out r151978.
            http://trac.webkit.org/changeset/151978
            https://bugs.webkit.org/show_bug.cgi?id=118651

            Caused regressions at least 3 websites (Requested by rniwa on
            #webkit).

            * runtime/JSCJSValue.h:
            * runtime/JSString.h:

2013-07-15  Lucas Forschler  <lforschler@apple.com>

        Merge r152577

    2013-07-11  Oliver Hunt  <oliver@apple.com>

            Attempt to fix the windows build.

            * jit/JITThunks.cpp:
            (JSC::JITThunks::hostFunctionStub):
            * jit/JITThunks.h:

2013-07-15  Lucas Forschler  <lforschler@apple.com>

        Merge r152573

    2013-07-10  Oliver Hunt  <oliver@apple.com>

            NativeExecutable cache needs to use both call and construct functions for key
            https://bugs.webkit.org/show_bug.cgi?id=118545

            Reviewed by Geoffrey Garen.

            Make the native executable cache make use a key pair so we don't decide to
            treat all subsequent functions as not being constructors.

            * jit/JITThunks.cpp:
            (JSC::JITThunks::hostFunctionStub):
            * jit/JITThunks.h:
            * runtime/JSBoundFunction.cpp:
            (JSC::JSBoundFunction::create):
            * runtime/JSCell.cpp:
            (JSC::JSCell::getCallData):
            (JSC::JSCell::getConstructData):

2013-07-09  Lucas Forschler  <lforschler@apple.com>

        Merge r152497

    2013-07-09  Mark Lam  <mark.lam@apple.com>

            Gardening to unbreak builds on the Windows bot.

            Not reviewed.

            * parser/ParserTokens.h:

2013-07-09  Lucas Forschler  <lforschler@apple.com>

        Merge r152494

    2013-07-09  Mark Lam  <mark.lam@apple.com>

            Fix 30% JSBench regression (caused by adding column numbers to stack traces).
            https://bugs.webkit.org/show_bug.cgi?id=118481.

            Reviewed by Mark Hahnenberg and Geoffrey Garen.

            Previously, we already capture ExpressionRangeInfo that provides a divot for
            each bytecode that can potentially throw an exception (and therefore generate
            a stack trace). On first attempt to compute column numbers, we then do a walk
            of the source string to record all line start positions in a table associated
            with the SourceProvider. The column number can then be computed as
                divot - lineStartFor(bytecodeOffset).

            The computation of this lineStarts table is the source of the 30% JSBench
            performance regression.

            The new code now records lineStarts as the lexer and parser scans the source
            code. These lineStarts are then used to compute the column number for the
            given divot, and stored in the ExpressionRangeInfo. Similarly, we also capture
            the line number at the divot point and store that in the ExpressionRangeInfo.
            Hence, to look up line and column numbers, we now lookup the ExpressionRangeInfo
            for the bytecodeOffset, and then compute the line and column from the values
            stored in the expression info.

            The strategy:
            1. We want to minimize perturbations to the lexer and parser. Specifically,
               the changes added should not change how it scans code, and generate bytecode.
            2. We regard the divot as the source character position we are interested
               in. As such, we'll capture line and lineStart (for column) at the point
               when we capture the divot information. This ensures that the 3 values are
               consistent.

            How the change is done:
            1. Change the lexer to track lineStarts.
            2. Change the parser to capture line and lineStarts at the point of capturing
               divots.
            3. Change the parser and associated code to plumb these values all the way to
               the point that the correspoinding ExpressionRangeInfo is emitted.
            4. Propagate and record SourceCode firstLine and firstLineColumnOffset to the
               the necessary places so that we can add them as needed when reifying
               UnlinkedCodeBlocks into CodeBlocks.
            5. Compress the line and column number values in the ExpressionRangeInfo. In
               practice, we seldom have both large line and column numbers. Hence, we can
               encode both in an uint32_t most of the time. For the times when we encounter
               both large line and column numbers, we have a fallback to store the "fat"
               position info.
            6. Emit an ExpressionRangeInfo for UnaryOp nodes to get more line and column
               number coverage.
            7. Change the interpreter to use the new way of computing line and column.
            8. Delete old line and column computation code that is now unused.

            Misc details:
            - the old lexer was tracking both a startOffset and charPosition where
              charPosition equals startOffset - SourceCode.startOffset. We now use
              startOffset exclusively throughout the system for consistency.
              All offset values (including lineStart) are relative to the start of the
              SourceProvider string. These values will only be converted to be relative
              to the SourceCode.startOffset at the very last minute i.e. when the divot
              is stored into the ExpressionRangeInfo.

              This change to use the same offset system everywhere reduces confusion
              from having to convert back and forth between the 2 systems. It also
              enables a lot of assertions to be used.

            - Also fixed some bugs in the choice of divot positions to use. For example,
              both Eval and Function expressions previously used column numbers from
              the start of the expression but used the line number at the end of the
              expression. This is now fixed to use either the start or end positions
              as appropriate, but not a mix of line and columns from both.

            - Why use ints instead of unsigneds for offsets and lineStarts inside the
              lexer and parser?
              Some tests (e.g. fast/js/call-base-resolution.html and
              fast/js/eval-cross-window.html) has shown that lineStart offsets can be
              prior to the SourceCode.startOffset. Keeping the lexer offsets as ints
              simplifies computations and makes it easier to maintain the assertions
              that (startOffset >= lineStartOffset).

              However, column and line numbers are always unsigned when we publish
              them to the ExpressionRangeInfo. The ints are only used inside the
              lexer and parser ... well, and bytecode generator.

            - For all cases, lineStart is always captured where the divot is captured.
              However, some sputnik conformance tests have shown that we cannot honor
              line breaks for assignment statements like the following:

                  eval("x\u000A*=\u000A-1;");

              In this case, the lineStart is expected to be captured at the start of
              the assignment expression instead of at the divot point in the middle.
              The assignment expression is the only special case for this.

            This patch has been tested against the full layout tests both with release
            and debug builds with no regression.

            * API/JSContextRef.cpp:
            (JSContextCreateBacktrace):
              - Updated to use the new StackFrame::computeLineAndColumn().
            * bytecode/CodeBlock.cpp:
            (JSC::CodeBlock::CodeBlock):
              - Added m_firstLineColumnOffset initialization.
              - Plumbed the firstLineColumnOffset into the SourceCode.
              - Initialized column for op_debug using the new way.
            (JSC::CodeBlock::lineNumberForBytecodeOffset):
              - Changed to compute line number using the ExpressionRangeInfo.
            (JSC::CodeBlock::columnNumberForBytecodeOffset): Added
              - Changed to compute column number using the ExpressionRangeInfo.
            (JSC::CodeBlock::expressionRangeForBytecodeOffset):
            * bytecode/CodeBlock.h:
            (JSC::CodeBlock::firstLineColumnOffset):
            (JSC::GlobalCodeBlock::GlobalCodeBlock):
              - Plumbed firstLineColumnOffset through to the super class.
            (JSC::ProgramCodeBlock::ProgramCodeBlock):
              - Plumbed firstLineColumnOffset through to the super class.
            (JSC::EvalCodeBlock::EvalCodeBlock):
              - Plumbed firstLineColumnOffset through to the super class.
                But for EvalCodeBlocks, the firstLineColumnOffset is always 1
                because we're starting with a new source string with no start
                offset.
            (JSC::FunctionCodeBlock::FunctionCodeBlock):
              - Plumbed firstLineColumnOffset through to the super class.

            * bytecode/ExpressionRangeInfo.h:
              - Added modes for encoding line and column into a single 30-bit
                unsigned. The encoding is in 1 of 3 modes:
                1. FatLineMode: 22-bit line, 8-bit column
                2. FatColumnMode: 8-bit line, 22-bit column
                3. FatLineAndColumnMode: 32-bit line, 32-bit column
            (JSC::ExpressionRangeInfo::encodeFatLineMode): Added.
              - Encodes line and column into the 30-bit position using FatLine mode.
            (JSC::ExpressionRangeInfo::encodeFatColumnMode): Added.
              - Encodes line and column into the 30-bit position using FatColumn mode.
            (JSC::ExpressionRangeInfo::decodeFatLineMode): Added.
              - Decodes the FatLine mode 30-bit position into line and column.
            (JSC::ExpressionRangeInfo::decodeFatColumnMode): Added.
              - Decodes the FatColumn mode 30-bit position into line and column.

            * bytecode/UnlinkedCodeBlock.cpp:
            (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
              - Plumbed startColumn through.
            (JSC::UnlinkedFunctionExecutable::link):
              - Plumbed startColumn through.
            (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
              - Computes a line number using the new way.
            (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
              - Added decoding of line and column.
              - Added handling of the case when we do not find a fitting expression
                range info for a specified bytecodeOffset. This only happens if the
                bytecodeOffset is below the first expression range info. In that
                case, we'll use the first expression range info entry.
            (JSC::UnlinkedCodeBlock::addExpressionInfo):
              - Added encoding of line and column.

            * bytecode/UnlinkedCodeBlock.h:
              - Added m_expressionInfoFatPositions in RareData.
            (JSC::UnlinkedFunctionExecutable::functionStartColumn):
            (JSC::UnlinkedCodeBlock::shrinkToFit):
              - Removed obsoleted m_lineInfo.
            * bytecompiler/BytecodeGenerator.cpp:
            (JSC::BytecodeGenerator::emitCall): Plumbed line and lineStart through.
            (JSC::BytecodeGenerator::emitCallEval): Plumbed line and lineStart through.
            (JSC::BytecodeGenerator::emitCallVarargs): Plumbed line and lineStart through.
            (JSC::BytecodeGenerator::emitConstruct): Plumbed line and lineStart through.
            (JSC::BytecodeGenerator::emitDebugHook): Plumbed lineStart through.
            * bytecompiler/BytecodeGenerator.h:
            (JSC::BytecodeGenerator::emitNode):
            (JSC::BytecodeGenerator::emitNodeInConditionContext):
              - Removed obsoleted m_lineInfo.
            (JSC::BytecodeGenerator::emitExpressionInfo):
              - Plumbed line and lineStart through.
              - Compute the line and column to be added to the expression range info.
            * bytecompiler/NodesCodegen.cpp:
            (JSC::ThrowableExpressionData::emitThrowReferenceError):
            (JSC::ResolveNode::emitBytecode):
            (JSC::ArrayNode::toArgumentList):
            (JSC::BracketAccessorNode::emitBytecode):
            (JSC::DotAccessorNode::emitBytecode):
            (JSC::NewExprNode::emitBytecode):
            (JSC::EvalFunctionCallNode::emitBytecode):
            (JSC::FunctionCallValueNode::emitBytecode):
            (JSC::FunctionCallResolveNode::emitBytecode):
            (JSC::FunctionCallBracketNode::emitBytecode):
            (JSC::FunctionCallDotNode::emitBytecode):
            (JSC::CallFunctionCallDotNode::emitBytecode):
            (JSC::ApplyFunctionCallDotNode::emitBytecode):
            (JSC::PostfixNode::emitResolve):
            (JSC::PostfixNode::emitBracket):
            (JSC::PostfixNode::emitDot):
            (JSC::DeleteResolveNode::emitBytecode):
            (JSC::DeleteBracketNode::emitBytecode):
            (JSC::DeleteDotNode::emitBytecode):
            (JSC::PrefixNode::emitResolve):
            (JSC::PrefixNode::emitBracket):
            (JSC::PrefixNode::emitDot):
              - Plumbed line and lineStart through the above as needed.

            (JSC::UnaryOpNode::emitBytecode):
              - Added emission of an ExpressionRangeInfo for the UnaryOp node.

            (JSC::BinaryOpNode::emitStrcat):
            (JSC::ThrowableBinaryOpNode::emitBytecode):
            (JSC::InstanceOfNode::emitBytecode):
            (JSC::emitReadModifyAssignment):
            (JSC::ReadModifyResolveNode::emitBytecode):
            (JSC::AssignResolveNode::emitBytecode):
            (JSC::AssignDotNode::emitBytecode):
            (JSC::ReadModifyDotNode::emitBytecode):
            (JSC::AssignBracketNode::emitBytecode):
            (JSC::ReadModifyBracketNode::emitBytecode):
              - Plumbed line and lineStart through the above as needed.

            (JSC::ConstStatementNode::emitBytecode):
            (JSC::EmptyStatementNode::emitBytecode):
            (JSC::DebuggerStatementNode::emitBytecode):
            (JSC::ExprStatementNode::emitBytecode):
            (JSC::VarStatementNode::emitBytecode):
            (JSC::IfElseNode::emitBytecode):
            (JSC::DoWhileNode::emitBytecode):
            (JSC::WhileNode::emitBytecode):
            (JSC::ForNode::emitBytecode):
            (JSC::ForInNode::emitBytecode):
            (JSC::ContinueNode::emitBytecode):
            (JSC::BreakNode::emitBytecode):
            (JSC::ReturnNode::emitBytecode):
            (JSC::WithNode::emitBytecode):
            (JSC::SwitchNode::emitBytecode):
            (JSC::LabelNode::emitBytecode):
            (JSC::ThrowNode::emitBytecode):
            (JSC::TryNode::emitBytecode):
            (JSC::ProgramNode::emitBytecode):
            (JSC::EvalNode::emitBytecode):
            (JSC::FunctionBodyNode::emitBytecode):
              - Plumbed line and lineStart through the above as needed.

            * interpreter/Interpreter.cpp:
            (JSC::appendSourceToError):
              - Added line and column arguments for expressionRangeForBytecodeOffset().
            (JSC::StackFrame::computeLineAndColumn):
              - Replaces StackFrame::line() and StackFrame::column().
            (JSC::StackFrame::expressionInfo):
              - Added line and column arguments.
            (JSC::StackFrame::toString):
              - Changed to use the new StackFrame::computeLineAndColumn().
            (JSC::Interpreter::getStackTrace):
              - Added the needed firstLineColumnOffset arg for the StackFrame.

            * interpreter/Interpreter.h:
            * parser/ASTBuilder.h:
            (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
            (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
            (JSC::ASTBuilder::createResolve):
            (JSC::ASTBuilder::createBracketAccess):
            (JSC::ASTBuilder::createDotAccess):
            (JSC::ASTBuilder::createRegExp):
            (JSC::ASTBuilder::createNewExpr):
            (JSC::ASTBuilder::createAssignResolve):
            (JSC::ASTBuilder::createFunctionExpr):
            (JSC::ASTBuilder::createFunctionBody):
            (JSC::ASTBuilder::createGetterOrSetterProperty):
            (JSC::ASTBuilder::createFuncDeclStatement):
            (JSC::ASTBuilder::createBlockStatement):
            (JSC::ASTBuilder::createExprStatement):
            (JSC::ASTBuilder::createIfStatement):
            (JSC::ASTBuilder::createForLoop):
            (JSC::ASTBuilder::createForInLoop):
            (JSC::ASTBuilder::createVarStatement):
            (JSC::ASTBuilder::createReturnStatement):
            (JSC::ASTBuilder::createBreakStatement):
            (JSC::ASTBuilder::createContinueStatement):
            (JSC::ASTBuilder::createTryStatement):
            (JSC::ASTBuilder::createSwitchStatement):
            (JSC::ASTBuilder::createWhileStatement):
            (JSC::ASTBuilder::createDoWhileStatement):
            (JSC::ASTBuilder::createLabelStatement):
            (JSC::ASTBuilder::createWithStatement):
            (JSC::ASTBuilder::createThrowStatement):
            (JSC::ASTBuilder::createDebugger):
            (JSC::ASTBuilder::createConstStatement):
            (JSC::ASTBuilder::appendBinaryExpressionInfo):
            (JSC::ASTBuilder::appendUnaryToken):
            (JSC::ASTBuilder::unaryTokenStackLastStart):
            (JSC::ASTBuilder::unaryTokenStackLastLineStartPosition): Added.
            (JSC::ASTBuilder::assignmentStackAppend):
            (JSC::ASTBuilder::createAssignment):
            (JSC::ASTBuilder::setExceptionLocation):
            (JSC::ASTBuilder::makeDeleteNode):
            (JSC::ASTBuilder::makeFunctionCallNode):
            (JSC::ASTBuilder::makeBinaryNode):
            (JSC::ASTBuilder::makeAssignNode):
            (JSC::ASTBuilder::makePrefixNode):
            (JSC::ASTBuilder::makePostfixNode):.
              - Plumbed line, lineStart, and startColumn through the above as needed.

            * parser/Lexer.cpp:
            (JSC::::currentSourcePtr):
            (JSC::::setCode):
              - Added tracking for sourceoffset and lineStart.
            (JSC::::internalShift):
            (JSC::::parseIdentifier):
              - Added tracking for lineStart.
            (JSC::::parseIdentifierSlowCase):
            (JSC::::parseString):
              - Added tracking for lineStart.
            (JSC::::parseStringSlowCase):
            (JSC::::lex):
              - Added tracking for sourceoffset.
            (JSC::::sourceCode):
            * parser/Lexer.h:
            (JSC::Lexer::currentOffset):
            (JSC::Lexer::currentLineStartOffset):
            (JSC::Lexer::setOffset):
              - Added tracking for lineStart.
            (JSC::Lexer::offsetFromSourcePtr): Added. conversion function.
            (JSC::Lexer::sourcePtrFromOffset): Added. conversion function.
            (JSC::Lexer::setOffsetFromSourcePtr):
            (JSC::::lexExpectIdentifier):
              - Added tracking for sourceoffset and lineStart.

            * parser/NodeConstructors.h:
            (JSC::Node::Node):
            (JSC::ResolveNode::ResolveNode):
            (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
            (JSC::FunctionCallValueNode::FunctionCallValueNode):
            (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
            (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
            (JSC::FunctionCallDotNode::FunctionCallDotNode):
            (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
            (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
            (JSC::PostfixNode::PostfixNode):
            (JSC::DeleteResolveNode::DeleteResolveNode):
            (JSC::DeleteBracketNode::DeleteBracketNode):
            (JSC::DeleteDotNode::DeleteDotNode):
            (JSC::PrefixNode::PrefixNode):
            (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
            (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
            (JSC::AssignBracketNode::AssignBracketNode):
            (JSC::AssignDotNode::AssignDotNode):
            (JSC::ReadModifyDotNode::ReadModifyDotNode):
            (JSC::AssignErrorNode::AssignErrorNode):
            (JSC::WithNode::WithNode):
            (JSC::ForInNode::ForInNode):
              - Plumbed line and lineStart through the above as needed.
            * parser/Nodes.cpp:
            (JSC::StatementNode::setLoc): Plumbed lineStart.
            (JSC::ScopeNode::ScopeNode): Plumbed lineStart.
            (JSC::ProgramNode::ProgramNode): Plumbed startColumn.
            (JSC::ProgramNode::create): Plumbed startColumn.
            (JSC::EvalNode::create):
            (JSC::FunctionBodyNode::FunctionBodyNode): Plumbed startColumn.
            (JSC::FunctionBodyNode::create): Plumbed startColumn.
            * parser/Nodes.h:
            (JSC::Node::startOffset):
            (JSC::Node::lineStartOffset): Added.
            (JSC::StatementNode::firstLine):
            (JSC::StatementNode::lastLine):
            (JSC::ThrowableExpressionData::ThrowableExpressionData):
            (JSC::ThrowableExpressionData::setExceptionSourceCode):
            (JSC::ThrowableExpressionData::divotStartOffset):
            (JSC::ThrowableExpressionData::divotEndOffset):
            (JSC::ThrowableExpressionData::divotLine):
            (JSC::ThrowableExpressionData::divotLineStart):
            (JSC::ThrowableSubExpressionData::ThrowableSubExpressionData):
            (JSC::ThrowableSubExpressionData::setSubexpressionInfo):
            (JSC::ThrowableSubExpressionData::subexpressionDivot):
            (JSC::ThrowableSubExpressionData::subexpressionStartOffset):
            (JSC::ThrowableSubExpressionData::subexpressionEndOffset):
            (JSC::ThrowableSubExpressionData::subexpressionLine):
            (JSC::ThrowableSubExpressionData::subexpressionLineStart):
            (JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
            (JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
            (JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot):
            (JSC::ThrowablePrefixedSubExpressionData::subexpressionStartOffset):
            (JSC::ThrowablePrefixedSubExpressionData::subexpressionEndOffset):
            (JSC::ThrowablePrefixedSubExpressionData::subexpressionLine):
            (JSC::ThrowablePrefixedSubExpressionData::subexpressionLineStart):
            (JSC::ScopeNode::startStartOffset):
            (JSC::ScopeNode::startLineStartOffset):
            (JSC::ProgramNode::startColumn):
            (JSC::EvalNode::startColumn):
            (JSC::FunctionBodyNode::startColumn):
              - Plumbed line and lineStart through the above as needed.
            * parser/Parser.cpp:
            (JSC::::Parser):
            (JSC::::parseSourceElements):
            (JSC::::parseVarDeclarationList):
            (JSC::::parseConstDeclarationList):
            (JSC::::parseForStatement):
            (JSC::::parseBreakStatement):
            (JSC::::parseContinueStatement):
            (JSC::::parseReturnStatement):
            (JSC::::parseThrowStatement):
            (JSC::::parseWithStatement):
              - Plumbed line and lineStart through the above as needed.
            (JSC::::parseFunctionBody):
              - Plumbed startColumn.
            (JSC::::parseFunctionInfo):
            (JSC::::parseFunctionDeclaration):
            (JSC::LabelInfo::LabelInfo):
            (JSC::::parseExpressionOrLabelStatement):
            (JSC::::parseAssignmentExpression):
            (JSC::::parseBinaryExpression):
            (JSC::::parseProperty):
            (JSC::::parseObjectLiteral):
            (JSC::::parsePrimaryExpression):
            (JSC::::parseMemberExpression):
            (JSC::::parseUnaryExpression):
              - Plumbed line, lineStart, startColumn through the above as needed.
            * parser/Parser.h:
            (JSC::Parser::next):
            (JSC::Parser::nextExpectIdentifier):
            (JSC::Parser::tokenStart):
            (JSC::Parser::tokenColumn):
            (JSC::Parser::tokenEnd):
            (JSC::Parser::tokenLineStart):
            (JSC::Parser::lastTokenLine):
            (JSC::Parser::lastTokenLineStart):
            (JSC::::parse):
            * parser/ParserTokens.h:
            (JSC::JSTokenLocation::JSTokenLocation):
              - Plumbed lineStart.
            (JSC::JSTokenLocation::lineStartPosition):
            (JSC::JSTokenLocation::startPosition):
            (JSC::JSTokenLocation::endPosition):
            * parser/SourceCode.h:
            (JSC::SourceCode::SourceCode):
            (JSC::SourceCode::startColumn):
            (JSC::makeSource):
            (JSC::SourceCode::subExpression):
            * parser/SourceProvider.cpp: delete old code.
            * parser/SourceProvider.h: delete old code.
            * parser/SourceProviderCacheItem.h:
            (JSC::SourceProviderCacheItem::closeBraceToken):
            (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
              - Plumbed lineStart.
            * parser/SyntaxChecker.h:
            (JSC::SyntaxChecker::makeFunctionCallNode):
            (JSC::SyntaxChecker::makeAssignNode):
            (JSC::SyntaxChecker::makePrefixNode):
            (JSC::SyntaxChecker::makePostfixNode):
            (JSC::SyntaxChecker::makeDeleteNode):
            (JSC::SyntaxChecker::createResolve):
            (JSC::SyntaxChecker::createBracketAccess):
            (JSC::SyntaxChecker::createDotAccess):
            (JSC::SyntaxChecker::createRegExp):
            (JSC::SyntaxChecker::createNewExpr):
            (JSC::SyntaxChecker::createAssignResolve):
            (JSC::SyntaxChecker::createFunctionExpr):
            (JSC::SyntaxChecker::createFunctionBody):
            (JSC::SyntaxChecker::createFuncDeclStatement):
            (JSC::SyntaxChecker::createForInLoop):
            (JSC::SyntaxChecker::createReturnStatement):
            (JSC::SyntaxChecker::createBreakStatement):
            (JSC::SyntaxChecker::createContinueStatement):
            (JSC::SyntaxChecker::createWithStatement):
            (JSC::SyntaxChecker::createLabelStatement):
            (JSC::SyntaxChecker::createThrowStatement):
            (JSC::SyntaxChecker::createGetterOrSetterProperty):
            (JSC::SyntaxChecker::appendBinaryExpressionInfo):
            (JSC::SyntaxChecker::operatorStackPop):
              - Made SyntaxChecker prototype changes to match ASTBuilder due to new
                args added for plumbing line, lineStart, and startColumn.
            * runtime/CodeCache.cpp:
            (JSC::CodeCache::generateBytecode):
            (JSC::CodeCache::getCodeBlock):
              - Plumbed startColumn.
            * runtime/Executable.cpp:
            (JSC::FunctionExecutable::FunctionExecutable):
            (JSC::ProgramExecutable::compileInternal):
            (JSC::FunctionExecutable::produceCodeBlockFor):
            (JSC::FunctionExecutable::fromGlobalCode):
              - Plumbed startColumn.
            * runtime/Executable.h:
            (JSC::ScriptExecutable::startColumn):
            (JSC::ScriptExecutable::recordParse):
            (JSC::FunctionExecutable::create):
              - Plumbed startColumn.

2013-07-08  Lucas Forschler  <lforschler@apple.com>

        Merge r152052

    2013-06-26  Anders Carlsson  <andersca@apple.com>

            Add JSStringCreateWithCharactersNoCopy SPI
            https://bugs.webkit.org/show_bug.cgi?id=118074
            <rdar://problem/14279905>

            Reviewed by Geoffrey Garen.

            * API/JSStringRef.cpp:
            (JSStringCreateWithCharactersNoCopy):
            Create a new OpaqueJSString, using the newly added StringImpl::createWithoutCopying function.

            * API/JSStringRefPrivate.h: Added.
            Add a home for the JSStringCreateWithCharactersNoCopy function.

            * API/OpaqueJSString.h:
            (OpaqueJSString::OpaqueJSString):
            Just call isolatedCopy on the passed in string.

            * API/tests/testapi.c:
            Add an API test for JSStringCreateWithCharactersNoCopy.

            * JavaScriptCore.xcodeproj/project.pbxproj:
            Add new files.

2013-07-08  Lucas Forschler  <lforschler@apple.com>

        Merge r152314

    2013-07-02  Mark Hahnenberg  <mhahnenberg@apple.com>

            Replace RELEASE_ASSERT with ASSERT in CodeBlock:: bytecodeOffsetForCallAtIndex
            https://bugs.webkit.org/show_bug.cgi?id=118316

            Reviewed by Geoffrey Garen.

            This is causing some crashiness in release builds. We should replace it with an ASSERT 
            until we track down all the places that need fixing in bug 118315.

            * bytecode/CodeBlock.h:
            (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):

2013-07-01  Lucas Forschler  <lforschler@apple.com>

        Merge r152091

    2013-06-27  Timothy Hatcher  <timothy@apple.com>

            Notify the debugger about functions created from source code via new Function() or WebCore::JSLazyEventListener.

            https://bugs.webkit.org/show_bug.cgi?id=118063

            Reviewed by Geoffrey Garen.

            * bytecode/UnlinkedCodeBlock.cpp:
            (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Call Debugger::sourceParsed.

2013-07-01  Lucas Forschler  <lforschler@apple.com>

        Merge r151978

    2013-06-25  Ryosuke Niwa  <rniwa@webkit.org>

            JSString should remember AtomicString
            https://bugs.webkit.org/show_bug.cgi?id=117386

            Reviewed by Geoffrey Garen.

            Added JSValue::toAtomicString and JSString::atomicString. These two functions allow WebCore to update
            JSString's m_value to set isAtomic flag and avoid the AtomicStringTable lookups in subsequent attempts
            to obtain the AtomicString of the same value.

            * runtime/JSCJSValue.h:
            * runtime/JSString.h:
            (JSC::JSString::atomicString):
            (JSC::JSValue::toAtomicString):

2013-06-25  Lucas Forschler  <lforschler@apple.com>

        Merge r151786

    2013-06-20  Mark Hahnenberg  <mhahnenberg@apple.com>

            Improper deallocation of JSManagedValue causes crashes during autorelease pool draining
            https://bugs.webkit.org/show_bug.cgi?id=117840

            Reviewed by Geoffrey Garen.

            Improperly managing a JSManagedValue can cause a crash when the JSC::Weak inside the 
            JSManagedValue is destroyed upon deallocation. We would rather have improperly maintained 
            JSManagedValues cause memory leaks than take down the whole app. 

            The fix is to use the callback to the JSC::Weak on the destruction of the VM so that we 
            can safely null it out. This will prevent ~Weak from crashing.

            * API/JSManagedValue.mm:
            (-[JSManagedValue JSC::JSC::]):
            (JSManagedValueHandleOwner::finalize):
            * API/tests/testapi.mm: Added a test that crashed prior to this fix due to a leaked 
            managed reference. Also fixed a small style nit I noticed in another test.

2013-06-25  Lucas Forschler  <lforschler@apple.com>

        Merge r151923

    2013-06-24  Roger Fong  <roger_fong@apple.com>

            Unreviewed. Makefile build fix for AppleWindows.

            * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-21  Lucas Forschler  <lforschler@apple.com>

        Merge r151787

    2013-06-20  Roger Fong  <roger_fong@apple.com>

            Make Windows makefile copy build output to a different folder.
            <rdar://problem/14219184>.

            * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-18  Roger Fong  <roger_fong@apple.com>

        Disable some feature flags.
        <rdar://problem/14171207>.

        Rubberstamped by Jon Lee.

        * Configurations/FeatureDefines.xcconfig:

2013-06-18  Oliver Hunt  <oliver@apple.com>

        Going to google.com/trends causes a crash
        https://bugs.webkit.org/show_bug.cgi?id=117602

        Reviewed by Geoffrey Garen.

        When handling op_throw, etc we need to flush the variables and arguments
        for the entire inline stack, not just the top frame.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::flushAllArgumentsAndCapturedVariablesInInlineStack):
        (JSC::DFG::ByteCodeParser::parseBlock):

2013-06-18  Roger Fong  <roger_fong@apple.com>

        Replace tools32 folder with tools and update WebKit Windows solution accordingly.
        <rdar://problem/14118143>.

        Rubberstamped by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
        * JavaScriptCore.vcxproj/jsc/jscProduction.props:
        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:

2013-06-17  Roger Fong  <roger_fong@apple.com>

        Modify Windows makefiles to copy some bin output into Program Files.
        https://bugs.webkit.org/show_bug.cgi?id=117714.
        <rdar://problem/14179054>

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-14  Ryosuke Niwa  <rniwa@webkit.org>

        Function names on Object.prototype should be common identifiers
        https://bugs.webkit.org/show_bug.cgi?id=117614

        Reviewed by Darin Adler.

        Patch written by Sam Weinig. Make Object's prototype function names common identififers since they're used frequently.

        * runtime/CommonIdentifiers.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::finishCreation):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::finishCreation):

2013-06-13  Ryosuke Niwa  <rniwa@webkit.org>

        Remove LiteralIdentifierTable
        https://bugs.webkit.org/show_bug.cgi?id=117613

        Reviewed by Geoffrey Garen.

        Removed LiteralIdentifierTable since it doesn't seem to have any perf. impact now.

        * runtime/Identifier.cpp:
        (JSC::Identifier::add):

2013-06-12  Conrad Shultz  <conrad_shultz@apple.com>

        JSExport header documentation substitutes "semicolon" for "colon"
        https://bugs.webkit.org/show_bug.cgi?id=117552

        Reviewed by Mark Hahnenberg.

        * API/JSExport.h:
        Fix a couple typos.

2013-06-10  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>

        [JSC] Remove a vestige of wxWidgets support.
        https://bugs.webkit.org/show_bug.cgi?id=117419

        Reviewed by Benjamin Poulain.

        * runtime/JSExportMacros.h: Remove a check for BUILDING_WX__ that
        seems to have gone unnoticed when the wxWidgets port was removed.

2013-06-06  Roger Fong  <roger_fong@apple.com>

        Stop copying AAS binaries into build folder.
        https://bugs.webkit.org/show_bug.cgi?id=117319.

        Rubberstamped by Darin Adler.

        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:

2013-06-05  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA shouldn't filter ArrayModes with ALL_NON_ARRAY_ARRAY_MODES if the speculated type is not SpecArray
        https://bugs.webkit.org/show_bug.cgi?id=117279
        <rdar://problem/14078025>        

        Reviewed by Mark Hahnenberg.

        * dfg/DFGAbstractValue.h:
        (JSC::DFG::AbstractValue::filterArrayModesByType):

2013-06-05  Michael Saboff  <msaboff@apple.com>

        JSC: Crash beneath cti_op_div @ http://gmailblog.blogspot.com
        https://bugs.webkit.org/show_bug.cgi?id=117280

        Reviewed by Filip Pizlo.

        Updated the merging of VariableAccessData nodes in ArgumentPosition lists
        to find the unified VariableAccessData node that is the root of the
        current node instead of using the current node directly when merging
        attributes.
        Added new dump code to dump the ArgumentPosition list.

        * dfg/DFGArgumentPosition.h:
        (JSC::DFG::rgumentPosition::mergeArgumentPredictionAwareness):
        (JSC::DFG::ArgumentPosition::mergeArgumentUnboxingAwareness):
        (JSC::DFG::ArgumentPosition::dump):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):

2013-06-05  Bear Travis  <betravis@adobe.com>

        [CSS Exclusions][CSS Shapes] Split CSS Exclusions & Shapes compile & runtime flags
        https://bugs.webkit.org/show_bug.cgi?id=117172

        Reviewed by Alexandru Chiculita.

        Adding the CSS_SHAPES compile flag.

        * Configurations/FeatureDefines.xcconfig:

2013-06-05  Balazs Kilvady  <kilvadyb@homejinni.com>

        JSC Assertion tests failures on MIPS.
        https://bugs.webkit.org/show_bug.cgi?id=116552

        Reviewed by Geoffrey Garen.

        Fix condition handlig in branchAdd32 implemetations.

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::branchAdd32):

2013-06-04  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Add floating point absolute function support in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117147

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
        (JSC::MacroAssemblerSH4::absDouble):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::dabs):
        (JSC::SH4Assembler::printInstr):

2013-06-04  Zan Dobersek  <zdobersek@igalia.com>

        [JSC] Test262 15.5.4.9_3 test is failing
        https://bugs.webkit.org/show_bug.cgi?id=116789

        Reviewed by Geoffrey Garen.

        Bring the String.prototype.localeCompare behavior in line wit ES5 15.9.4.9.
        If method is not given enough arguments, the minimal amount of arguments must be assumed, with their value being undefined.
        The first argument to localeCompare, in its string form, is used as the 'that' string that's used in the comparison.
        Therefor, when calling str.localeCompare() or str.localeCompare(undefined), the first argument is `undefined` and the
        string "undefined" is used as the string to which value of str is compared.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncLocaleCompare): Remove the early return in case of no given arguments to achieve the desired behavior.

2013-06-03  Hojong Han  <hojong.han@samsung.com>

        [EFL] Implement GCActivityCallback
        https://bugs.webkit.org/show_bug.cgi?id=95923

        Reviewed by Geoffrey Garen.

        Implements the activity triggered garbage collector.
        Additional GCs can be triggered by platfrom timer.
        It has sort of compaction effect not to make JSC heap grow fast
        so that memory usage becomes lower than usual.

        * PlatformEfl.cmake: Added.
        * heap/HeapTimer.cpp:
        (JSC):
        (JSC::HeapTimer::HeapTimer):
        (JSC::HeapTimer::~HeapTimer):
        (JSC::HeapTimer::add):
        (JSC::HeapTimer::stop):
        (JSC::HeapTimer::timerEvent):
        * heap/HeapTimer.h:
        (HeapTimer):
        * jsc.cpp:
        (main):
        * runtime/GCActivityCallback.cpp:
        (JSC):
        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
        (JSC::DefaultGCActivityCallback::scheduleTimer):
        (JSC::DefaultGCActivityCallback::cancelTimer):
        (JSC::DefaultGCActivityCallback::didAllocate):
        * runtime/GCActivityCallback.h:
        (GCActivityCallback):
        (JSC::GCActivityCallback::GCActivityCallback):
        (DefaultGCActivityCallback):

2013-06-03  Roger Fong  <roger_fong@apple.com>

        Nuke VS2005 files from the tree.
        <rdar://problem/14042021>.

        Rubberstamped by Brent Fulgham.

        * JavaScriptCore.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.make: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.resources: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePGOOptimize.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreLink.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.make: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc: Removed.
        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Removed.
        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi: Removed.
        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Removed.
        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Removed.

2013-05-31  Filip Pizlo  <fpizlo@apple.com>

        Incorrect assertion in DFG::Graph::uncheckedActivationRegisterFor()
        <rdar://problem/13989324>

        Rubber stamped by Mark Hahnenberg.
        
        This has a bogus assertion that checks that the passed CodeOrigin doesn't have
        an inline call frame. This was well intentioned in the sense that it is true
        that inlined call frames wouldn't have an activation register. But that doesn't
        mean that people won't ask. Removing the assertion fixes a debug-only crash and
        has no impact on production code. This change adds a comment to that effect.

        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::uncheckedActivationRegisterFor):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix Overflow case of branchMul32 in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117057

        Reviewed by Oliver Hunt.

        Current implementation of Overflow case in branchMul32 performs an
        unsigned multiplication whereas a signed multiplication is expected.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchMul32):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix floating point comparisons in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117066.

        Reviewed by Oliver Hunt.

        Current implementation of branchDouble function in baseline JIT is wrong
        for some conditions and overkill for others. For instance:
        - With DoubleGreaterThanOrEqual condition, branch will be taken if either
          operand is NaN with current implementation whereras it should not.
        - With DoubleNotEqualOrUnordered condition, performed NaN checks are
          useless (because comparison result is false if either operand is NaN).

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchDouble):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix double floating point transfer in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117054

        Reviewed by Oliver Hunt.

        In current implementation, dmovRegReg function transfers only one single
        FPRegister as PR=1 and SZ=0 in floating point status/control register.
        Double transfers must be performed with two fmov.s opcodes.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::moveDouble):
        (JSC::MacroAssemblerSH4::addDouble): Handle (op2==dest) case properly.
        (JSC::MacroAssemblerSH4::sqrtDouble):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::fmovsRegReg):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Handle branchType properly in branchTruncateDoubleToInt32.
        https://bugs.webkit.org/show_bug.cgi?id=117062

        Reviewed by Oliver Hunt.

        Current implementation of branchTruncateDoubleToInt32 is incorrect
        when branchType == BranchIfTruncateSuccessful in sh4 baseline JIT.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):

2013-05-31  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix for VS2005 builders.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Add
        missing export for WTF::SHA1::computeHexDigest

2013-05-30  David Farler  <dfarler@apple.com>

        Fix jscore-test when not using --sdk option with jsDriver.pl
        https://bugs.webkit.org/show_bug.cgi?id=116339

        Reviewed by Joe Pecoraro.

        * tests/mozilla/jsDriver.pl:
        (execute_tests):
        With each test, the shell_command needs to be started from scratch.

        This fix will clear the shell_command and start over as before with
        the opt_arch option when not using --sdk with jsDriver.pl.

2013-05-30  Roger Fong  <roger_fong@apple.com>

        Get rid of JavaScript exports file on AppleWin port.
        https://bugs.webkit.org/show_bug.cgi?id=117050.

        Reviewed by Darin Adler.

        Delete the JavaScriptCoreExportGenerator folder and remove dependencies.
        Start linking in WTF.lib now that it's a shared library.

        * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/make-export-file-generator: Removed.
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:

2013-05-22  David Farler  <dfarler@apple.com>

        Add --sdk option to jsDriver.pl to run with iOS Simulator
        https://bugs.webkit.org/show_bug.cgi?id=116339

        Reviewed by David Kilzer.

        * tests/mozilla/jsDriver.pl:
        (execute_tests):
        Prefix shell command with the path to the "sim" tool.
        (parse_args):
        Add -d / --sdk option.
        (usage):
        Help message for -d / --sdk option.

2013-05-30  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Optimize NaN checks in LLINT for floating point comparisons.
        https://bugs.webkit.org/show_bug.cgi?id=117049

        Reviewed by Oliver Hunt.

        Use the fcmp/eq opcode in sh4 LLINT to test if a double is NaN.
        This is more efficient, doesn't require two tmp registers and requires
        less code than current implementation (which converts double to float,
        then checks 'E = Emax + 1' and 'f != 0').

        * offlineasm/sh4.rb:

2013-05-30  Oliver Hunt  <oliver@apple.com>

        JSCallbackObject does not correctly initialise the PropertySlot for getOwnPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=117053

        Reviewed by Mark Hahnenberg.

        Set appropriate thisValue on the PropertySlot

        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertyDescriptor):
        * API/tests/testapi.mm:

2013-05-29  Jeffrey Pfau  <jpfau@apple.com>

        [Mac] Enable cache partitioning and the public suffix list on 10.8
        <rdar://problem/13679019>

        Rubber-stamped by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Put correct byteCompile symbol in file. Previous version
        had an extra 'i' appended to the end.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix.  Remove ?byteCompile symbol that
        is no longer accessible during link.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-28  Gavin Barraclough  <barraclough@apple.com>

        String(new Date(2010,10,1)) is wrong in KRAT, YAKT
        https://bugs.webkit.org/show_bug.cgi?id=106750

        Reviewed by Darin Adler.

        * runtime/JSDateMath.cpp:
        (JSC::msToGregorianDateTime):
            - Additional review comment fix.

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix after r150833

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        A CR/LF combination was lost in the file, combining two symbols.

2013-05-27  Gavin Barraclough  <barraclough@apple.com>

        String(new Date(2010,10,1)) is wrong in KRAT, YAKT
        https://bugs.webkit.org/show_bug.cgi?id=106750

        Reviewed by Darin Adler.

        First part of a fix, simplfy date handling code, instead of operating separately
        on the UTC-standard and standard-DST offsets, just generate a combined UTC-local
        offset (this is what we actually need, and what the OS gives us).

        * runtime/JSDateMath.cpp:
        (JSC::getLocalTimeOffset):
            - removed getUTCOffset, converted getDSTOffset -> getLocalTimeOffset
        (JSC::gregorianDateTimeToMS):
        (JSC::msToGregorianDateTime):
        (JSC::parseDateFromNullTerminatedCharacters):
            - call getLocalTimeOffset instead of getUTCOffset/getDSTOffset
        * runtime/VM.cpp:
        (JSC::VM::resetDateCache):
            - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
        * runtime/VM.h:
        (JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
        (JSC::LocalTimeOffsetCache::reset):
        (LocalTimeOffsetCache):
            - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache

2013-05-28  Mark Hahnenberg  <mhahnenberg@apple.com>

        r150199 is very wrong
        https://bugs.webkit.org/show_bug.cgi?id=116876

        JSValue needs to protect its internal JSValueRef.

        Reviewed by Darin Adler.

        * API/JSValue.mm:
        (-[JSValue initWithValue:inContext:]):
        (-[JSValue dealloc]):
        * API/tests/testapi.mm: Added a simple test to make sure that we protect the
        underlying JavaScript value across garbage collections.

2013-05-27  Patrick Gansterer  <paroga@webkit.org>

        Use ICU_INCLUDE_DIRS in BlackBerry CMake files
        https://bugs.webkit.org/show_bug.cgi?id=116210

        Reviewed by Rob Buis.

        Set and use the ICU_INCLUDE_DIRS variable to avoid
        duplicated adding of the ICU include directory.

        * PlatformBlackBerry.cmake:

2013-05-27  Gabor Rapcsanyi  <rgabor@webkit.org>

        MacroAssemblerARM should use xor to swap registers instead of move
        https://bugs.webkit.org/show_bug.cgi?id=116306

        Reviewed by Zoltan Herczeg.

        Change register swapping to xor from move and this way we don't need
        temporary register anymore.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::swap):

2013-05-25  Filip Pizlo  <fpizlo@apple.com>

        We broke (-2^31/-1)|0 in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=116767

        Reviewed by Andreas Kling.
        
        The bug is that we were assuming that in the -2^31 case, we already had -2^31
        in the result register. This was a wrong assumption.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):

2013-05-24  Filip Pizlo  <fpizlo@apple.com>

        We broke !(0/0)
        https://bugs.webkit.org/show_bug.cgi?id=116736

        Reviewed by Gavin Barraclough.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createLogicalNot):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::pureToBoolean):

2013-05-24  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Optimize LLINT generated code and fix few bugs in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=116716

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::mul32): Cosmetic changes.
        (JSC::MacroAssemblerSH4::convertInt32ToDouble): Absolute address was not dereferenced.
        (JSC::MacroAssemblerSH4::branch32): Absolute address was not dereferenced.
        (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch): Use all 32 bits of pointer for revertJump call.
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::revertJump): Use changePCrelativeAddress to patch the whole pointer.
        (JSC::SH4Assembler::linkJump): Cosmetic change.
        * offlineasm/sh4.rb: Optimize LLINT generated code.

2013-05-23  Peter Wang  <peter.wang@torchmobile.com.cn>

        CLoop llint backend should not use the d8 register as scratch register
        https://bugs.webkit.org/show_bug.cgi?id=116019

        Reviewed by Csaba Osztrogonác.

        * offlineasm/cloop.rb:

2013-05-22  Peter Wang  <peter.wang@torchmobile.com.cn>

        Use uninitialized register in "JIT::emit_op_neq_null" and "emit_op_eq_null"
        https://bugs.webkit.org/show_bug.cgi?id=116593

        Reviewed by Filip Pizlo.

        Generated instructions using uninitialized register. It's caused by a mistake of r126494.

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):

2013-05-22  Filip Pizlo  <fpizlo@apple.com>

        Fix indentation of CodeBlock.h

        Rubber stampted by Mark Hahnenberg.

        * bytecode/CodeBlock.h:

2013-05-22  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Remove MacroAssemblerSH4.cpp file.
        https://bugs.webkit.org/show_bug.cgi?id=116596.

        Reviewed by Geoffrey Garen.

        Move linkCall and repatchCall implementations from MacroAssemblerSH4.cpp
        to MacroAssemblerSH4.h and remove MacroAssemblerSH4.cpp, as it is done
        for other architectures.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/MacroAssemblerSH4.cpp: Removed.
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::linkCall):
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::repatchCall):

2013-05-21  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed speculative fix for test-bots.

        Add export declaration for WTFInvokeCrashHook to avoid runtime
        load error on test bots.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-21  Mark Lam  <mark.lam@apple.com>

        Added missing assert condition for PositiveOrZero in ARM branch32().
        https://bugs.webkit.org/show_bug.cgi?id=116538.

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::branchAdd32):

2013-05-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Disable SuperRegion
        https://bugs.webkit.org/show_bug.cgi?id=116362

        Rubber stamped by Geoff Garen.

        * heap/Region.h:

2013-05-20  Oliver Hunt  <oliver@apple.com>

        Make C API more robust against null contexts
        https://bugs.webkit.org/show_bug.cgi?id=116462

        Reviewed by Anders Carlsson.

        Handle null contexts in a non-crashy way.  It's a bug to ever call the
        API with a null context, and the absence of a context means we can't
        produce a meaningful result, so we still assert in debug builds.

        Now where possible we detect and early return, returning null for any
        pointer type, NaN for doubles, and false for any boolean result.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        (JSReportExtraMemoryCost):
        * API/JSContextRef.cpp:
        (JSContextGetGlobalObject):
        (JSContextGetGroup):
        (JSContextGetGlobalContext):
        (JSContextCreateBacktrace):
        * API/JSObjectRef.cpp:
        (JSObjectMake):
        (JSObjectMakeFunctionWithCallback):
        (JSObjectMakeConstructor):
        (JSObjectMakeFunction):
        (JSObjectMakeArray):
        (JSObjectMakeDate):
        (JSObjectMakeError):
        (JSObjectMakeRegExp):
        (JSObjectGetPrototype):
        (JSObjectSetPrototype):
        (JSObjectHasProperty):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectGetPropertyAtIndex):
        (JSObjectSetPropertyAtIndex):
        (JSObjectDeleteProperty):
        (JSObjectCopyPropertyNames):
        * API/JSValueRef.cpp:
        (JSValueGetType):
        (JSValueIsUndefined):
        (JSValueIsNull):
        (JSValueIsBoolean):
        (JSValueIsNumber):
        (JSValueIsString):
        (JSValueIsObject):
        (JSValueIsObjectOfClass):
        (JSValueIsEqual):
        (JSValueIsStrictEqual):
        (JSValueIsInstanceOfConstructor):
        (JSValueMakeUndefined):
        (JSValueMakeNull):
        (JSValueMakeBoolean):
        (JSValueMakeNumber):
        (JSValueMakeString):
        (JSValueMakeFromJSONString):
        (JSValueCreateJSONString):
        (JSValueToBoolean):
        (JSValueToNumber):
        (JSValueToStringCopy):
        (JSValueToObject):
        (JSValueProtect):
        * API/JSWeakObjectMapRefPrivate.cpp:

2013-05-20  David Kilzer  <ddkilzer@apple.com>

        Synchronize FeatureDefines.xcconfig

        * Configurations/FeatureDefines.xcconfig: Remove
        ENABLE_LINK_PRERENDER.  This was missed in r150356.

2013-05-19  Anders Carlsson  <andersca@apple.com>

        Remove link prerendering code
        https://bugs.webkit.org/show_bug.cgi?id=116415

        Reviewed by Darin Adler.

        This code was only used by Chromium and is dead now.

        * Configurations/FeatureDefines.xcconfig:

2013-05-18  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Replace *_LIBRARY_NAME with *_OUTPUT_NAME
        https://bugs.webkit.org/show_bug.cgi?id=114554

        Reviewed by Gyuyoung Kim.

        Using variables as target names is very uncommon in CMake.
        The usual way to specify the name of the resulting binary
        is to set the OUTPUT_NAME target property.

        * CMakeLists.txt:
        * shell/CMakeLists.txt:

2013-05-17  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Remove invalid include paths
        https://bugs.webkit.org/show_bug.cgi?id=116213

        Reviewed by Gyuyoung Kim.

        Since "${JAVASCRIPTCORE_DIR}/wtf" does not exist, it is safe
        to remove them from the list of include directories.

        * PlatformEfl.cmake: Removed.
        * PlatformGTK.cmake: Removed.

2013-05-16  Patrick Gansterer  <paroga@webkit.org>

        Consolidate lists in JavaScriptCore CMake files
        https://bugs.webkit.org/show_bug.cgi?id=115992

        Reviewed by Gyuyoung Kim.

        Move common files into the CMakeLists.txt to avoid duplicating the list of files.
        Also rebase the recently added GTK files to match the other CMake ports, since
        the submitted patch was based on an older version of the source tree.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * shell/CMakeLists.txt:
        * shell/PlatformEfl.cmake:
        * shell/PlatformGTK.cmake:

2013-05-16  Geoffrey Garen  <ggaren@apple.com>

        JSValue shouldn't protect/unprotect its context
        https://bugs.webkit.org/show_bug.cgi?id=116234

        Reviewed by Mark Hahnenberg.

        Our retain on _context is sufficient.

        * API/JSValue.mm:
        (-[JSValue initWithValue:inContext:]):
        (-[JSValue dealloc]):

2013-05-15  Ryosuke Niwa  <rniwa@webkit.org>

        Another Windows build fix attempt after r150160.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-15  Oliver Hunt  <oliver@apple.com>

        RefCountedArray needs to use vector initialisers for its backing store
        https://bugs.webkit.org/show_bug.cgi?id=116194

        Reviewed by Gavin Barraclough.

        Use an out of line function to clear the exception stack to avoid
        needing to include otherwise unnecessary headers all over the place.

        Everything else is just being updated to use that.

        * bytecompiler/BytecodeGenerator.cpp:
        * interpreter/CallFrame.h:
        (JSC::ExecState::clearSupplementaryExceptionInfo):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::addStackTraceIfNecessary):
        (JSC::Interpreter::throwException):
        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
        * runtime/VM.cpp:
        (JSC):
        (JSC::VM::clearExceptionStack):
        * runtime/VM.h:
        (VM):
        (JSC::VM::exceptionStack):

2013-05-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r150051.
        http://trac.webkit.org/changeset/150051
        https://bugs.webkit.org/show_bug.cgi?id=116186

        Broke all JSC tests on Mac and the author is unresponsive
        (Requested by rniwa on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-05-15  Julien Brianceau  <jbrianceau@nds.com>

        Remove savedTimeoutReg from JITStackFrame for sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=116143

        Reviewed by Geoffrey Garen.

        Since r148119, timeoutCheckRegister is removed from baseline JIT.
        So we don't need to save r8 register in JITStackFrame anymore for sh4.

        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        (JITStackFrame):

2013-05-15  Nico Weber  <thakis@chromium.org>

        WebKit doesn't support MSVS2003 any more, remove preprocessor checks for older versions.
        https://bugs.webkit.org/show_bug.cgi?id=116157

        Reviewed by Anders Carlsson.

        Also remove a gcc3.2 workaround.

        Merges parts of these two commits by the talented Nico Weber:
        https://chromium.googlesource.com/chromium/blink/+/3677e2f47348daeff405a40b6f90fbdf0654c2f5
        https://chromium.googlesource.com/chromium/blink/+/0fcd96c448dc30be1416dcc15713c53710c1a312

        * os-win32/inttypes.h:

2013-05-13  Alvaro Lopez Ortega  <alvaro@alobbs.com>

        Nightly build's jsc doesn't work without DYLD_FRAMEWORK...
        https://bugs.webkit.org/show_bug.cgi?id=79065

        Reviewed by Darin Adler.

        Fixes the build process so the depencencies of the jsc binary are
        modified before its copied to its target directory. In this way
        jsc should always use relative reference to the JavaScriptCore
        libraries.

        * JavaScriptCore.xcodeproj/project.pbxproj: Fixes the commands in
        the "Copy Into Framework" target.

2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers
        https://bugs.webkit.org/show_bug.cgi?id=116074

        If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the 
        scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the 
        JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM. 
        If this happens on a GC thread other than the "main" thread, we will deadlock. The solution 
        is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.

        Reviewed by Darin Adler.

        * API/JSVirtualMachine.mm:
        (scanExternalObjectGraph):

2013-05-13  Benjamin Poulain  <benjamin@webkit.org>

        Improve stringProtoFuncLastIndexOf for the prefix case
        https://bugs.webkit.org/show_bug.cgi?id=115952

        Reviewed by Geoffrey Garen.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncLastIndexOf):
        Use the optimized string search when possible.

        On Joseph Pecoraro's tests, this gives a ~30% speed improvement.

2013-05-13  Zalan Bujtas  <zalan@apple.com>

        WebProcess consuming very high CPU on linkedin.com
        https://bugs.webkit.org/show_bug.cgi?id=115601

        Reviewed by Andreas Kling.

        Disable WEB_TIMING_MINIMAL.
        Turn off window.performance and performance.now(). Some JS frameworks expect
        additional Web Timing APIs, when performance.now() is available.

        * Configurations/FeatureDefines.xcconfig:

2013-05-12  Anders Carlsson  <andersca@apple.com>

        Stop including UnusedParam.h
        https://bugs.webkit.org/show_bug.cgi?id=116003

        Reviewed by Sam Weinig.

        UnusedParam.h is empty now so there's no need to include it anymore.

        * API/APICast.h:
        * API/tests/JSNode.c:
        * API/tests/JSNodeList.c:
        * API/tests/minidom.c:
        * API/tests/testapi.c:
        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecode/CodeBlock.cpp:
        * heap/HandleStack.h:
        * interpreter/JSStackInlines.h:
        * jit/CompactJITCodeMap.h:
        * jit/ExecutableAllocator.h:
        * parser/SourceProvider.h:
        * runtime/DatePrototype.cpp:
        * runtime/JSNotAnObject.cpp:
        * runtime/JSSegmentedVariableObject.h:
        * runtime/JSVariableObject.h:
        * runtime/Options.cpp:
        * runtime/PropertyOffset.h:

2013-05-11  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Add a basic cmake build for WTF and JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=115967

        Reviewed by Laszlo Gombos.

        * PlatformGTK.cmake: Added.
        * shell/PlatformGTK.cmake: Added.

2013-05-10  Laszlo Gombos  <l.gombos@samsung.com>

        Remove USE(OS_RANDOMNESS)
        https://bugs.webkit.org/show_bug.cgi?id=108095

        Reviewed by Darin Adler.

        Remove the USE(OS_RANDOMNESS) guard as it is turned on for all
        ports.

        * jit/JIT.cpp:
        (JSC::JIT::JIT):

2013-05-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase
        https://bugs.webkit.org/show_bug.cgi?id=115938

        We're going to add some more types of check hoisting soon, so let's have the right name here.

        Rubber stamped by Filip Pizlo.
        
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGStructureCheckHoistingPhase.cpp: Removed.
        * dfg/DFGStructureCheckHoistingPhase.h: Removed.
        * dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp.
        (JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase):
        (JSC::DFG::performTypeCheckHoisting):
        * dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h.

2013-05-09  Christophe Dumez  <ch.dumez@sisa.samsung.com>

        Unreviewed build fix after r149836.

        It broke at least EFL and GTK builds. Move new static members initialization
        outside the class. Those need to have a definition outside the class because
        their address is used (e.g. CodeCacheMap::nonGlobalWorkingSetMaxEntries).

        * runtime/CodeCache.cpp:
        (JSC):
        * runtime/CodeCache.h:
        (CodeCacheMap):

2013-05-08  Oliver Hunt  <oliver@apple.com>

        Code cache stores bogus var references for functions in eval code
        https://bugs.webkit.org/show_bug.cgi?id=115747

        Reviewed by Mark Hahnenberg.

        Non-global eval now uses a per-CodeBlock cache, and only use it
        when we're at the top of a function's scope.  This means that we
        will no longer cache the parsing of a single string across
        multiple functions, and we won't cache when we're nested inside
        constructs like |with| and |catch| where previously we would, which
        is good because caching in those cases is unsound.

        * bytecode/EvalCodeCache.h:
        (JSC):
        (JSC::EvalCodeCache::getSlow):
        (JSC::EvalCodeCache::get):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::codeCacheForEval):
        (UnlinkedCodeBlock):
        (RareData):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/Interpreter.cpp:
        (JSC::eval):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::CodeCache):
        (JSC::CodeCache::generateBytecode):
        (JSC):
        (JSC::CodeCache::getCodeBlock):
        * runtime/CodeCache.h:
        (JSC::CodeCacheMap::CodeCacheMap):
        (CodeCacheMap):
        (JSC::CodeCacheMap::canPruneQuickly):
        (JSC::CodeCacheMap::prune):
        (JSC::CodeCache::create):
        (CodeCache):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::EvalExecutable):
        (JSC::EvalExecutable::compileInternal):
        * runtime/Executable.h:
        (JSC::EvalExecutable::create):
        (EvalExecutable):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::createEvalCodeBlock):
        * runtime/JSGlobalObject.h:
        (JSGlobalObject):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (VM):

2013-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>

        DFGArrayMode::fromObserved is too liberal when it sees different Array and NonArray shapes
        https://bugs.webkit.org/show_bug.cgi?id=115805

        Reviewed by Geoffrey Garen.

        It checks the observed ArrayModes to see if we have seen any ArrayWith* first. If so, it assumes it's 
        an Array::Array, even if we've also observed any NonArrayWith* in the ArrayProfile. This leads to the 
        code generated by jumpSlowForUnwantedArrayMode to check the indexing type against (shape | IsArray) 
        instead of just shape, which can cause us to exit a lot in the case that we saw a NonArray.

        To fix this we need to add a case that checks for both ArrayWith* and NonArrayWith* cases first, which 
        should then use Array::PossiblyArray, then do the checks we were already doing.

        * bytecode/ArrayProfile.h:
        (JSC::hasSeenArray):
        (JSC::hasSeenNonArray):
        * dfg/DFGArrayMode.cpp:
        (JSC::DFG::ArrayMode::fromObserved):

2013-05-09  Joe Mason  <jmason@blackberry.com>

        [BlackBerry] Set up logging buffer on start of jsc executable
        https://bugs.webkit.org/show_bug.cgi?id=114688

        Reviewed by Rob Buis.

        Internal PR: 322715
        Internally Reviewed By: Jeff Rogers

        * jsc.cpp:
        (main): call BB::Platform::setupApplicationLogging

2013-05-08  Michael Saboff  <msaboff@apple.com>

        JSC: There should be a disassembler for ARM Thumb 2
        https://bugs.webkit.org/show_bug.cgi?id=115827

        Reviewed by Filip Pizlo.

        Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging
        and profiling code.  The opcode coverage is currently not complete.  It covers all
        of the integer instructions JSC currently emits, but only a limited number of
        floating point opcodes.  Currently that is just the 64 bit vmov and vmsr instructions.

        The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes
        for each instruction group.  There is a public format method that does the bulk of
        the disassembly work.  There are two broad sub-classes, ARMv7D16BitOpcode and
        ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes.  There are sub-classes under
        those two classes for individual and related groups of opcodes.  Instructions are
        "dispatched" to the right subclass via two arrays of linked lists in the inner classes
        OpcodeGroup.  There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode.
        Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine
        that it matches a particular group.  OpcodeGroup uses a static method to reinterpret_cast
        the Opcode object to the right base class for the instruction group for formatting.
        The cast eliminates the need of allocating an object for each decoded instruction.
        Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending whether
        the instruction is 16 or 32 bit.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * disassembler/ARMv7: Added.
        * disassembler/ARMv7/ARMv7DOpcode.cpp: Added.
        (ARMv7Disassembler):
        (OpcodeGroupInitializer):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::init):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format):
        * disassembler/ARMv7/ARMv7DOpcode.h: Added.
        (ARMv7Disassembler):
        (ARMv7DOpcode):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount):
        (ARMv7D16BitOpcode):
        (OpcodeGroup):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber):
        (ARMv7DOpcodeAddRegisterT2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm):
        (ARMv7DOpcodeAddSPPlusImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8):
        (ARMv7DOpcodeAddSubtract):
        (ARMv7DOpcodeAddSubtractT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn):
        (ARMv7DOpcodeAddSubtractImmediate3):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn):
        (ARMv7DOpcodeAddSubtractImmediate8):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8):
        (ARMv7DOpcodeBranchConditionalT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset):
        (ARMv7DOpcodeBranchExchangeT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm):
        (ARMv7DOpcodeBranchT2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11):
        (ARMv7DOpcodeCompareImmediateT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8):
        (ARMv7DOpcodeCompareRegisterT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn):
        (ARMv7DOpcodeCompareRegisterT2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm):
        (ARMv7DOpcodeDataProcessingRegisterT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn):
        (ARMv7DOpcodeGeneratePCRelativeAddress):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8):
        (ARMv7DOpcodeLoadFromLiteralPool):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8):
        (ARMv7DOpcodeLoadStoreRegisterImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
        (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte):
        (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord):
        (ARMv7DOpcodeLoadStoreRegisterOffsetT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt):
        (ARMv7DOpcodeLoadStoreRegisterSPRelative):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8):
        (ARMv7DOpcodeLogicalImmediateT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5):
        (ARMv7DOpcodeMiscAddSubSP):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7):
        (ARMv7DOpcodeMiscByteHalfwordOps):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op):
        (ARMv7DOpcodeMiscBreakpointT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8):
        (ARMv7DOpcodeMiscCompareAndBranch):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn):
        (ARMv7DOpcodeMiscHint16):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA):
        (ARMv7DOpcodeMiscIfThenT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask):
        (ARMv7DOpcodeMiscPushPop):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask):
        (ARMv7DOpcodeMoveImmediateT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8):
        (ARMv7DOpcodeMoveRegisterT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
        (ARMv7D32BitOpcode):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
        (ARMv7DOpcodeBranchRelative):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
        (ARMv7DOpcodeConditionalBranchT3):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
        (ARMv7DOpcodeBranchOrBranchLink):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
        (ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
        (ARMv7DOpcodeDataProcessingModifiedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
        (ARMv7DOpcodeDataProcessingShiftedReg):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
        (ARMv7DOpcodeDataProcessingReg):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
        (ARMv7DOpcodeDataProcessingRegShift):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
        (ARMv7DOpcodeDataProcessingRegExtend):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
        (ARMv7DOpcodeDataProcessingRegParallel):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
        (ARMv7DOpcodeDataProcessingRegMisc):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
        (ARMv7DOpcodeHint32):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
        (ARMv7DOpcodeFPTransfer):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
        (ARMv7DOpcodeDataLoad):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
        (ARMv7DOpcodeLoadRegister):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
        (ARMv7DOpcodeLoadSignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
        (ARMv7DOpcodeLoadUnsignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
        (ARMv7DOpcodeLongMultipleDivide):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
        (ARMv7DOpcodeDataPushPopSingle):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
        (ARMv7DOpcodeDataStoreSingle):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
        (ARMv7DOpcodeStoreSingleImmediate12):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
        (ARMv7DOpcodeStoreSingleImmediate8):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
        (ARMv7DOpcodeStoreSingleRegister):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
        (ARMv7DOpcodeUnmodifiedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
        (ARMv7DOpcodeVMOVDoublePrecision):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
        (ARMv7DOpcodeVMOVSinglePrecision):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
        (ARMv7DOpcodeVMSR):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
        * disassembler/ARMv7Disassembler.cpp: Added.
        (JSC::tryToDisassemble):

2013-05-07  Julien Brianceau  <jbrianceau@nds.com>

        Take advantage of pre-decrement and post-increment opcodes for sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=115722

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load8PostInc):
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::load16PostInc):
        (JSC::MacroAssemblerSH4::storeDouble):
        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::movwMemRegIn):
        (SH4Assembler):
        (JSC::SH4Assembler::movbMemRegIn):
        (JSC::SH4Assembler::printInstr):

2013-05-07  Anders Carlsson  <andersca@apple.com>

        Remove AlwaysInline.h from WTF
        https://bugs.webkit.org/show_bug.cgi?id=115727

        Reviewed by Brent Fulgham.

        The macro that used to be in AlwaysInline.h is now in Compiler.h so there's no reason
        to keep AlwaysInline.h around anymore.

        * jit/JSInterfaceJIT.h:
        * parser/Lexer.h:
        * runtime/JSCJSValue.h:
        * runtime/SymbolTable.h:

2013-05-07  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>

        HashTraits<RefPtr<P> >::PeekType should be raw pointer for better performance
        https://bugs.webkit.org/show_bug.cgi?id=115646

        Reviewed by Darin Adler.

        * bytecompiler/StaticPropertyAnalyzer.h:
        (JSC::StaticPropertyAnalyzer::putById):
            Updated accordingly to new HashMap<.., RefPtr>::get() semantics.

2013-05-06  Julien Brianceau  <jbrianceau@nds.com>

        Misc bugfix and cleaning in sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=115627

        Reviewed by Oliver Hunt.

        Get rid of loadX(RegisterID r0, RegisterID src, RegisterID dest) functions.
        Remove misplaced extuw() implementation from MacroAssemblerSH4.
        Add movbRegMemr0 and movwRegMemr0 functions in SH4Assembler.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::add32): Skip operation when first operand is a zero immediate.
        (JSC::MacroAssemblerSH4::sub32): Skip operation when first operand is a zero immediate.
        (JSC::MacroAssemblerSH4::load32): Fix wrong usage of r0 register.
        (JSC::MacroAssemblerSH4::load8Signed): Handle "base == r0" case.
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::load16): Handle "base == r0" case.
        (JSC::MacroAssemblerSH4::load16Unaligned): Use extuw() implementation from SH4Assembler.
        (JSC::MacroAssemblerSH4::load16Signed): Cosmetic change.
        (JSC::MacroAssemblerSH4::store8): Fix unhandled BaseIndex offset and handle (base == r0) case.
        (JSC::MacroAssemblerSH4::store16): Fix unhandled BaseIndex offset and handle (base == r0) case.
        (JSC::MacroAssemblerSH4::store32):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::movwRegMemr0):
        (SH4Assembler):
        (JSC::SH4Assembler::movbRegMemr0):
        (JSC::SH4Assembler::placeConstantPoolBarrier): Cosmetic change.
        (JSC::SH4Assembler::maxJumpReplacementSize):
        (JSC::SH4Assembler::replaceWithJump): Correct branch range and save an opcode.
        (JSC::SH4Assembler::printInstr):

2013-05-06  Anders Carlsson  <andersca@apple.com>

        Stop using WTF::deleteAllValues in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=115670

        Reviewed by Oliver Hunt.

        Change the Vectors used to Vectors of OwnPtrs instead.

        * heap/DFGCodeBlocks.cpp:
        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):

2013-05-06  Andras Becsi  <andras.becsi@digia.com>

        Build with GCC 4.8 fails because of -Wmaybe-uninitialized
        https://bugs.webkit.org/show_bug.cgi?id=115648

        Reviewed by Michael Saboff.

        Initialize values in Options::setOption since from
        there we end up calling OptionRange::init with
        uninitialized members.

        * runtime/Options.cpp:

2013-05-06  Gabor Rapcsanyi  <rgabor@webkit.org>

        JSC ARM traditional failing on Octane NavierStokes test
        https://bugs.webkit.org/show_bug.cgi?id=115626

        Reviewed by Zoltan Herczeg.

        Change the ARM traditional assembler to use double precision on value
        conversions.

        * assembler/ARMAssembler.h:

2013-05-03  Michael Saboff  <msaboff@apple.com>

        There should be a runtime option to constrain what functions get DFG compiled
        https://bugs.webkit.org/show_bug.cgi?id=115576

        Reviewed by Mark Hahnenberg.

        Added OptionRange to Options to allow checking that something is within an option
        or not.  The new OptionClass supports range strings in the form of [!]<low>[:<high>].
        If only one value is given, then it will be used for both low and high.  A leading
        '!' inverts the check.  If no range is given, then checking for a value within a range
        will always return true.  Added the option "bytecodeRangeToDFGCompile" that takes an
        OptionRange string to select the bytecode range of code blocks to DFG compile.

        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile
        range.
        * runtime/Options.cpp:
        (JSC::parse): Added overloaded parse() for OptionRange.
        (JSC::OptionRange::init): Parse range string and then initialize the range.
        (JSC::OptionRange::isInRange): Function used by consumer to check if a value is within
        the specified range.
        (JSC::Options::dumpOption): Added code to dump OptionRange options.
        * runtime/Options.h:
        (OptionRange): New class.
        (JSC::OptionRange::operator= ): This is really used as a default ctor for use within
        the Option static array initialization.
        (JSC::OptionRange::rangeString): This is used for debug.  It assumes that the char*
        passed into OptionRange::init is valid when this function is called.

2013-05-02  Oliver Hunt  <oliver@apple.com>

        Fix potential bug in lookup logic
        https://bugs.webkit.org/show_bug.cgi?id=115522

        Reviewed by Mark Hahnenberg.

        Though not a problem in practise, it is technically possible
        to inject an un-proxied global object into the scope chain
        via the C API.  This change makes sure that the scope walk
        in BytecodeGenerator actually limits itself to scopes that
        are statically bindable.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::resolve):
        * runtime/JSObject.h:
        (JSObject):
        (JSC):
        (JSC::JSObject::isStaticScopeObject):

2013-05-01  Roger Fong  <roger_fong@apple.com>

        Set Path in makefile for AppleWin.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-05-01  Benjamin Poulain  <benjamin@webkit.org>

        Remove the remaining wscript
        https://bugs.webkit.org/show_bug.cgi?id=115459

        Reviewed by Andreas Kling.

        * wscript: Removed.

2013-04-30  Mark Lam  <mark.lam@apple.com>

        JSContextGroupSetExecutionTimeLimit() should not pass a callback to the
        VM watchdog if its client did not pass one in.
        https://bugs.webkit.org/show_bug.cgi?id=115461.

        Reviewed by Geoffrey Garen.

        * API/JSContextRef.cpp:
        (internalScriptTimeoutCallback):
        (JSContextGroupSetExecutionTimeLimit):
        * API/tests/testapi.c:
        (main):
        - Added test case when the time limit callback is 0.
        - Also updated a check to verify that a TerminatedExecutionException is
          thrown when the time out is cancelled.
        - Also fixed some cosmetic typos.

2013-04-30  Geoffrey Garen  <ggaren@apple.com>

        Removed op_ensure_property_exists
        https://bugs.webkit.org/show_bug.cgi?id=115460

        Reviewed by Mark Hahnenberg.

        It was unused, and whatever it was once used for was not optimized.

        * JavaScriptCore.order:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * llint/LLIntSlowPaths.cpp:
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:

2013-04-30  Oliver Hunt  <oliver@apple.com>

        JSC Stack walking logic craches in the face of inlined functions triggering VM re-entry
        https://bugs.webkit.org/show_bug.cgi?id=115449

        Reviewed by Geoffrey Garen.

        Rename callframeishost to something that makes sense, and fix
        getCallerInfo to correctly handle inline functions calling into
        the VM.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::codeOriginForReturn):
          Make this more robust in the face of incorrect stack walking
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):
          Everyone has to perform a codeblock() check before calling this
          so we might as well just do it here.
        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):

2013-04-30  Julien Brianceau  <jbrianceau@nds.com>

        Bug fixing in sh4 base JIT and LLINT.
        https://bugs.webkit.org/show_bug.cgi?id=115420

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::lshift32):
        (JSC::MacroAssemblerSH4::rshift32):
        (JSC::MacroAssemblerSH4::branchMul32):
        (JSC::MacroAssemblerSH4::urshift32):
        (JSC::MacroAssemblerSH4::replaceWithJump):
        (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::shldRegReg):
        (JSC::SH4Assembler::shadRegReg):
        (JSC::SH4Assembler::shalImm8r):
        (SH4Assembler):
        (JSC::SH4Assembler::sharImm8r):
        (JSC::SH4Assembler::maxJumpReplacementSize):
        (JSC::SH4Assembler::replaceWithJump):
        * offlineasm/sh4.rb:

2013-04-30  Geoffrey Garen  <ggaren@apple.com>

        Objective-C JavaScriptCore API should publicly support bridging to C
        https://bugs.webkit.org/show_bug.cgi?id=115447

        Reviewed by Mark Hahnenberg.

        For consistency, I renamed

            +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
            +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
            -[JSContext globalContext] => -[JSContext JSGlobalContextRef]

        I searched svn to verify that these functions don't have clients yet,
        so we won't break anything.

        I also exported as public API

            +[JSValue valueWithJSValueRef:]
            +[JSContext contextWithJSGlobalContextRef:]

        It's hard to integrate with the C API without these.

2013-04-30  Commit Queue  <rniwa@webkit.org>

        Unreviewed, rolling out r149349 and r149354.
        http://trac.webkit.org/changeset/149349
        http://trac.webkit.org/changeset/149354
        https://bugs.webkit.org/show_bug.cgi?id=115444

         The Thumb version of compileSoftModulo make invalid use of
        registers (Requested by benjaminp on #webkit).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMv7Assembler.h:
        (ARMv7Assembler):
        * assembler/AbstractMacroAssembler.h:
        (JSC::isARMv7s):
        (JSC):
        * assembler/MacroAssemblerARMv7.cpp: Removed.
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-04-30  Zalan Bujtas  <zalan@apple.com>

        Animations fail to start on http://www.google.com/insidesearch/howsearchworks/thestory/
        https://bugs.webkit.org/show_bug.cgi?id=111244

        Reviewed by David Kilzer.
        
        Enable performance.now() as a minimal subset of Web Timing API. 
        It returns DOMHighResTimeStamp, a monotonically increasing value representing the 
        number of milliseconds from the start of the navigation of the current document.
        JS libraries use this API to check against the requestAnimationFrame() timestamp.

        * Configurations/FeatureDefines.xcconfig:

2013-04-30  Zoltan Arvai  <zarvai@inf.u-szeged.hu>

        Unreviewed. Speculative build fix on Qt Arm and Mips after r149349.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):

2013-04-29  Cosmin Truta  <ctruta@blackberry.com>

        [ARM] Expand the use of integer division
        https://bugs.webkit.org/show_bug.cgi?id=115138

        Reviewed by Benjamin Poulain.

        If availability of hardware integer division isn't known at compile
        time, check the CPU flags and decide at runtime whether to fall back
        to software. Currently, this OS-specific check is implemented on QNX.

        Moreover, use operator % instead of fmod() in the calculation of the
        software modulo. Even when it's software-emulated, operator % is faster
        than fmod(): on ARM v7 QNX, without hardware division, we noticed
        >3% speedup on SunSpider.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::sdiv): Did not compile conditionally.
        (JSC::ARMv7Assembler::udiv): Ditto.
        * assembler/AbstractMacroAssembler.h:
        (JSC::isARMv7s): Removed.
        * assembler/MacroAssemblerARMv7.cpp: Added.
        (JSC::isIntegerDivSupported): Added.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsIntegerDiv): Added.
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode): Checked MacroAssembler::supportsIntegerDiv() in ArithDiv case.
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationModOnInts): Added.
        * dfg/DFGOperations.h:
        (JSC::DFG::Z_DFGOperation_ZZ): Added.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo): Separated the X86-specific and ARM-specific codegen
        from the common implementation; used operationModOnInts on ARM.
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM): Renamed from compileIntegerArithDivForARMv7.
        (JSC::DFG::SpeculativeJIT::compileArithMod): Allowed run-time detection of integer div on ARM.
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation): Added overloads with Z_DFGOperation_ZZ arguments.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Used compileIntegerArithDivForARM.

2013-04-29  Benjamin Poulain  <benjamin@webkit.org>

        Unify the data access of StringImpl members from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=115320

        Reviewed by Andreas Kling.

        DFG accesses the member infos by directly calling the methods on StringImpl,
        while the baseline JIT was using helper methods on ThunkHelpers.

        Cut the middle man, and use StringImpl directly everywhere.

        * jit/JITInlines.h:
        (JSC::JIT::emitLoadCharacterString):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        * jit/JSInterfaceJIT.h:
        * jit/ThunkGenerators.cpp:
        (JSC::stringCharLoad):

2013-04-29  Benjamin Poulain  <bpoulain@apple.com>

        Use push and pop for iOS math function thunks
        https://bugs.webkit.org/show_bug.cgi?id=115215

        Reviewed by Filip Pizlo.

        The iOS ABI is a little different than regular ARM ABI regarding stack alignment.
        The requirement is 4 bytes:
        "The ARM environment uses a stack that—at the point of function calls—is 4-byte aligned,
         grows downward, and contains local variables and a function’s parameters."

        Subsequently, we can just use push and pop to preserve the link register.

        * jit/ThunkGenerators.cpp:

2013-04-29  Brent Fulgham  <bfulgham@webkit.org>

        [Windows, WinCairo] Get rid of last few pthread include/link references.
        https://bugs.webkit.org/show_bug.cgi?id=115375

        Reviewed by Tim Horton.

        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:

2013-04-29  Roger Fong  <roger_fong@apple.com>

        Unreviewed. AppleWin VS2010 build fix.

        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        ~BlockAllocator should ASSERT that it has no more Regions left
        https://bugs.webkit.org/show_bug.cgi?id=115287

        Reviewed by Andreas Kling.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::~BlockAllocator):
        (JSC::BlockAllocator::allRegionSetsAreEmpty):
        * heap/BlockAllocator.h:
        (RegionSet):
        (JSC::BlockAllocator::RegionSet::isEmpty):
        (BlockAllocator):

2013-04-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        IndexingTypes should use hex
        https://bugs.webkit.org/show_bug.cgi?id=115286

        Decimal is kind of confusing/hard to read because they're used as bit masks. Hex seems more appropriate.

        Reviewed by Geoffrey Garen.

        * runtime/IndexingType.h:

2013-04-29  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing headers files to compilation
        and offlineasm/sh4.rb script.

2013-04-28  Dean Jackson  <dino@apple.com>

        [Mac] Disable canvas backing store scaling (HIGH_DPI_CANVAS)
        https://bugs.webkit.org/show_bug.cgi?id=115310

        Reviewed by Simon Fraser.

        Remove ENABLE_HIGH_DPI_CANVAS_macosx.

        * Configurations/FeatureDefines.xcconfig:

2013-04-27  Darin Adler  <darin@apple.com>

        Move from constructor and member function adoptCF/NS to free function adoptCF/NS.
        https://bugs.webkit.org/show_bug.cgi?id=115307

        Reviewed by Geoffrey Garen.

        * heap/HeapTimer.cpp:
        (JSC::HeapTimer::HeapTimer):
        * runtime/VM.cpp:
        (JSC::enableAssembler):
        Use adoptCF free function.

2013-04-27  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:

2013-04-25  Geoffrey Garen  <ggaren@apple.com>

        Cleaned up pre/post inc/dec in bytecode
        https://bugs.webkit.org/show_bug.cgi?id=115222

        Reviewed by Filip Pizlo.

        A few related changes here:

        (*) Removed post_inc and post_dec. The two-result form was awkward to
        reason about. Being explicit about the intermediate mov and to_number
        reduces DFG overhead, removes some fragile ASSERTs from the DFG, and
        fixes a const bug. Plus, we get to blow away 262 lines of code.

        (*) Renamed pre_inc and pre_dec to inc and dec, since there's only one
        version now.

        (*) Renamed to_jsnumber to to_number, to match the ECMA name.

        (*) Tightened up the codegen and runtime support for to_number.


        * JavaScriptCore.order: Order!

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitInc):
        (JSC::BytecodeGenerator::emitDec):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitToNumber):
        (BytecodeGenerator): Removed post_inc and post_dec.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::emitPreIncOrDec): Updated for rename.

        (JSC::emitPostIncOrDec): Issue an explicit mov and to_number when needed.
        These are rare, and they boil away in the DFG.

        (JSC::PostfixNode::emitResolve):
        (JSC::PrefixNode::emitResolve): For const, use an explicit mov instead
        of any special forms. This fixes a bug where we would do string
        add/subtract instead of number.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emitSlow_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emitSlow_op_dec):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emitSlow_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emitSlow_op_dec): Removed post_inc/dec, and updated for renames.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_to_number):
        (JSC::JIT::emitSlow_op_to_number): Removed a test for number cells. There's
        no such thing!

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_to_number): Use LowestTag to avoid making assumptions
        about the lowest valued tag.

        (JSC::JIT::emitSlow_op_to_number): Updated for renames.

        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * parser/NodeConstructors.h:
        (JSC::UnaryPlusNode::UnaryPlusNode): Removed post_inc/dec, and updated for renames.

        * runtime/Operations.cpp:
        (JSC::jsIsObjectType): Removed a test for number cells. There's
        no such thing!

2013-04-27  Julien Brianceau  <jbrianceau@nds.com>

        REGRESSION(r149114): cache flush for SH4 arch may flush an extra page.
        https://bugs.webkit.org/show_bug.cgi?id=115305

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::cacheFlush):

2013-04-26  Geoffrey Garen  <ggaren@apple.com>

        Re-landing <http://trac.webkit.org/changeset/148999>

            Filled out more cases of branch folding in bytecode when emitting
            expressions into a branching context
            https://bugs.webkit.org/show_bug.cgi?id=115057

            Reviewed by Phil Pizlo.

        We can't fold the number == 1 case to boolean because all non-zero numbers
        down-cast to true, but only 1 is == to true.

2013-04-26  Filip Pizlo  <fpizlo@apple.com>

        Correct indentation of SymbolTable.h
        
        Rubber stamped by Mark Hahnenberg.

        * runtime/SymbolTable.h:

2013-04-26  Roger Fong  <roger_fong@apple.com>

        Make Apple Windows VS2010 build results into and get dependencies from __32 suffixed folders.
        Make the DebugSuffix configuration use _debug dependencies.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
        * JavaScriptCore.vcxproj/build-generated-files.sh:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
        * JavaScriptCore.vcxproj/jsc/jscProduction.props:
        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
        * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:

2013-04-26  Roger Fong  <roger_fong@apple.com>

        Disable sub-pixel layout on mac.
        https://bugs.webkit.org/show_bug.cgi?id=114999.

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2013-04-26  Oliver Hunt  <oliver@apple.com>

        Make stack tracing more robust
        https://bugs.webkit.org/show_bug.cgi?id=115272

        Reviewed by Geoffrey Garen.

        CallFrame already handles stack walking confusion robustly,
        so we should make sure that the actual walk handles that as well.

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):

2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        REGRESSION(r149165): It made many tests crash on 32 bit
        https://bugs.webkit.org/show_bug.cgi?id=115227

        Reviewed by Csaba Osztrogonác.

        m_reservation is uninitialized when ENABLE(SUPER_REGION) is false.

        * heap/SuperRegion.cpp:
        (JSC::SuperRegion::~SuperRegion):

2013-04-26  Julien Brianceau  <jbrianceau@nds.com>

        Fix SH4 build broken since r149159.
        https://bugs.webkit.org/show_bug.cgi?id=115229

        Add BranchTruncateType enum in SH4 port and handle it in branchTruncateDoubleToInt32.

        Reviewed by Allan Sandfeld Jensen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):

2013-04-25  Mark Hahnenberg  <mhahnenberg@apple.com>

        SuperRegion doesn't call deallocate() on its PageReservation
        https://bugs.webkit.org/show_bug.cgi?id=115208

        Reviewed by Geoffrey Garen.

        It should. This doesn't cause us to leak physical memory, but it does cause us to leak virtual 
        address space (and probably mach ports), which is also bad :-( FixedVMPoolExecutableAllocator 
        also has this bug, but it doesn't matter much because there's only one instance of that class 
        throughout the entire lifetime of the process, whereas each VM has its own SuperRegion. 

        * heap/SuperRegion.cpp:
        (JSC::SuperRegion::~SuperRegion):
        * heap/SuperRegion.h:
        (SuperRegion):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (FixedVMPoolExecutableAllocator):
        (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):

2013-04-25  Filip Pizlo  <fpizlo@apple.com>

        DFG doesn't support to_jsnumber
        https://bugs.webkit.org/show_bug.cgi?id=115129

        Reviewed by Geoffrey Garen.
        
        Based on Oliver's patch. Implements to_jsnumber as Identity(Number:@thingy), and then does
        an optimization in Fixup to turn Identity(Number:) into Identity(Int32:) if the predictions
        tell us to. Identity is later turned into Phantom.
        
        Also fixed BackPropMask, which appeared to have NodeDoesNotExit included in it. That's
        wrong; NodeDoesNotExit is not a backward propagation property.
        
        Also fixed Identity to be marked as CanExit (i.e. not NodeDoesNotExit).
        
        This more than doubles the FPS on ammo.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (FixupPhase):
        (JSC::DFG::FixupPhase::observeUseKindOnNode):
        (JSC::DFG::FixupPhase::observeUseKindOnEdge):
        * dfg/DFGNodeFlags.h:
        (DFG):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):

2013-04-24  Oliver Hunt  <oliver@apple.com>

        Add support for Math.imul
        https://bugs.webkit.org/show_bug.cgi?id=115143

        Reviewed by Filip Pizlo.

        Add support for Math.imul, a thunk generator for Math.imul,
        and an intrinsic.

        Fairly self explanatory set of changes, DFG intrinsics simply
        leverages the existing ValueToInt32 nodes.

        * create_hash_table:
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithIMul):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/ThunkGenerators.cpp:
        (JSC::imulThunkGenerator):
        (JSC):
        * jit/ThunkGenerators.h:
        (JSC):
        * runtime/Intrinsic.h:
        * runtime/MathObject.cpp:
        (JSC):
        (JSC::mathProtoFuncIMul):
        * runtime/VM.cpp:
        (JSC::thunkGeneratorForIntrinsic):

2013-04-25  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, roll out http://trac.webkit.org/changeset/148999
        It broke http://kripken.github.io/ammo.js/examples/new/ammo.html

        * JavaScriptCore.order:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitNewArray):
        (JSC::BytecodeGenerator::emitThrowReferenceError):
        (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::shouldEmitProfileHooks):
        (BytecodeGenerator):
        * bytecompiler/NodesCodegen.cpp:
        (JSC):
        (JSC::NullNode::emitBytecode):
        (JSC::BooleanNode::emitBytecode):
        (JSC::NumberNode::emitBytecode):
        (JSC::StringNode::emitBytecode):
        (JSC::IfNode::emitBytecode):
        (JSC::IfElseNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createIfStatement):
        (ASTBuilder):
        * parser/NodeConstructors.h:
        (JSC):
        (JSC::NullNode::NullNode):
        (JSC::BooleanNode::BooleanNode):
        (JSC::NumberNode::NumberNode):
        (JSC::StringNode::StringNode):
        (JSC::IfNode::IfNode):
        (JSC::IfElseNode::IfElseNode):
        * parser/Nodes.h:
        (JSC::ExpressionNode::isPure):
        (JSC::ExpressionNode::isSubtract):
        (StatementNode):
        (NullNode):
        (JSC::NullNode::isNull):
        (BooleanNode):
        (JSC::BooleanNode::isPure):
        (NumberNode):
        (JSC::NumberNode::value):
        (JSC::NumberNode::isPure):
        (StringNode):
        (JSC::StringNode::isPure):
        (JSC::StringNode::isString):
        (BinaryOpNode):
        (IfNode):
        (JSC):
        (IfElseNode):
        (ContinueNode):
        (BreakNode):
        * parser/Parser.cpp:
        (JSC::::parseIfStatement):
        * parser/ResultType.h:
        (ResultType):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::pureToBoolean):
        * runtime/JSCell.h:
        (JSCell):
        * runtime/JSCellInlines.h:
        (JSC):

2013-04-25  Filip Pizlo  <fpizlo@apple.com>

        PreciseJumpTargets should treat loop_hint as a jump target
        https://bugs.webkit.org/show_bug.cgi?id=115209

        Reviewed by Mark Hahnenberg.
        
        I didn't add a test but I turned this into a release assertion. Running Octane is enough
        to trigger it.

        * bytecode/PreciseJumpTargets.cpp:
        (JSC::computePreciseJumpTargets):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):

2013-04-25  Roman Zhuykov  <zhroma@ispras.ru>

        Fix problems with processing negative zero on DFG.
        https://bugs.webkit.org/show_bug.cgi?id=113862

        Reviewed by Filip Pizlo.

        Fix NodeNeedsNegZero flag propagation in BackwardPropagationPhase.
        Function arithNodeFlags should not mask NodeNeedsNegZero flag for ArithNegate and DoubleAsInt32
        nodes and this flag should be always used to decide where we need to generate nezative-zero checks.
        Remove unnecessary negative-zero checks from integer ArithDiv on ARM.
        Also remove such checks from integer ArithMod on ARM and X86, and make them always to
        check not only "modulo_result == 0" but also "dividend < 0".
        Generate faster code for case when ArithMod operation divisor is constant power of 2 on ARMv7
        in the same way as on ARMv7s, and add negative-zero checks into this code when needed.
        Change speculationCheck ExitKind from Overflow to NegativeZero where applicable.
 
        This shows 30% speedup of math-spectral-norm, and 5% speedup
        on SunSpider overall on ARMv7 Linux.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
        (JSC::DFG::BackwardsPropagationPhase::isNotPosZero):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::arithNodeFlags):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileArithNegate):

2013-04-25  Oliver Hunt  <oliver@apple.com>

        Stack guards are too conservative
        https://bugs.webkit.org/show_bug.cgi?id=115147

        Reviewed by Mark Hahnenberg.

        Increase stack guard to closer to old size.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::StackPolicy::StackPolicy):

2013-04-25  Oliver Hunt  <oliver@apple.com>

        Stack guards are too conservative
        https://bugs.webkit.org/show_bug.cgi?id=115147

        Reviewed by Geoffrey Garen.

        Reduce the limits and simplify the decision making.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::StackPolicy::StackPolicy):

2013-04-25  Nick Diego Yamane  <nick.yamane@openbossa.org>

        JSC: Fix interpreter misbehavior in builds with JIT disabled
        https://bugs.webkit.org/show_bug.cgi?id=115190

        Reviewed by Oliver Hunt.

        Commit http://trac.webkit.org/changeset/147858 modified
        some details on how JS stack traces are built. The method
        "getLineNumberForCallFrame", renamed in that changeset to
        "getBytecodeOffsetForCallFrame" is always returning `0' when
        JIT is disabled

        How to reproduce:
         - Build webkit with JIT disabled
         - Open MiniBrowser, for example, with http://google.com
         - In a debug build, WebProcess will hit the following ASSERT:
           Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:279 ASSERT(low);

        * interpreter/Interpreter.cpp:
        (JSC::getBytecodeOffsetForCallFrame):

2013-04-25  Oliver Hunt  <oliver@apple.com>

        Make checkSyntax take a VM instead of an ExecState

        RS=Tim

        * jsc.cpp:
        (runInteractive):
        * runtime/Completion.cpp:
        (JSC::checkSyntax):
        * runtime/Completion.h:
        (JSC):

2013-04-25  Michael Saboff  <msaboff@apple.com>

        32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean
        https://bugs.webkit.org/show_bug.cgi?id=115188

        Reviewed by Geoffrey Garen.

        Changed the RegExpTest node to set the AbstractValue to boolean, since that
        what it is.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::executeEffects):

2013-04-25  Julien Brianceau  <jbrianceau@nds.com>

        REGRESSION(r137994): Random crashes occur with SH4 JSC.
        https://bugs.webkit.org/show_bug.cgi?id=115167.

        Reviewed by Oliver Hunt.

        Since r137994, uncommited pages could be inside the area of memory in
        parameter of the cacheFlush function. That's why we have to flush each
        page separately to avoid a fail of the whole flush, if an uncommited page
        is in the area.

        This patch is very similar to changeset 145194 made for ARMv7 architecture,
        see https://bugs.webkit.org/show_bug.cgi?id=111441 for further information.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::cacheFlush):

2013-04-24  Mark Lam  <mark.lam@apple.com>

        Add watchdog timer polling for the DFG.
        https://bugs.webkit.org/show_bug.cgi?id=115134.

        Reviewed by Geoffrey Garen.

        The strategy is to add a speculation check to the DFG generated code to
        test if the watchdog timer has fired or not. If the watchdog timer has
        fired, the generated code will do an OSR exit to the baseline JIT, and
        let it handle servicing the watchdog timer.

        If the watchdog is not enabled, this speculation check will not be
        emitted.

        * API/tests/testapi.c:
        (currentCPUTime_callAsFunction):
        (extendTerminateCallback):
        (main):
        - removed try/catch statements so that we can test the watchdog on the DFG.
        - added JS bindings to a native currentCPUTime() function so that the timeout
          tests can be more accurate.
        - also shortened the time values so that the tests can complete sooner.

        * bytecode/ExitKind.h:
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/Watchdog.cpp:
        (JSC::Watchdog::setTimeLimit):

2013-04-24  Filip Pizlo  <fpizlo@apple.com>

        Special thunks for math functions should work on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=115144

        Reviewed by Gavin Barraclough and Oliver Hunt.
        
        The only hard bit here was ensuring that we implemented the very special
        "cheap C call" convention on ARMv7.

        * assembler/AbstractMacroAssembler.h:
        (JSC::isARMv7s):
        (JSC):
        (JSC::isX86):
        * dfg/DFGCommon.h:
        * jit/SpecializedThunkJIT.h:
        (SpecializedThunkJIT):
        (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
        * jit/ThunkGenerators.cpp:
        (JSC::floorThunkGenerator):
        (JSC::ceilThunkGenerator):
        (JSC::roundThunkGenerator):
        (JSC::expThunkGenerator):
        (JSC::logThunkGenerator):

2013-04-24  Julien Brianceau  <jbrianceau@nds.com>

        Misc bugfix and cleaning in sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=115022.

        Reviewed by Oliver Hunt.

        Remove unused add32() and sub32() with scratchreg parameter to avoid
        confusion as this function prototype means another behaviour.
        Remove unused "void push(Address)" function which seems quite buggy.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::and32): Cosmetic change.
        (JSC::MacroAssemblerSH4::lshift32): Cosmetic change.
        (JSC::MacroAssemblerSH4::or32): Cosmetic change.
        (JSC::MacroAssemblerSH4::xor32): Cosmetic change.
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::load32): Cosmetic change.
        (JSC::MacroAssemblerSH4::load8Signed): Fix invalid offset upper limit
        when using r0 register and cosmetic changes.
        (JSC::MacroAssemblerSH4::load8): Reuse load8Signed to avoid duplication.
        (JSC::MacroAssemblerSH4::load16): Fix invalid offset upper limit when
        using r0 register, fix missing offset shift and cosmetic changes.
        (JSC::MacroAssemblerSH4::store32): Cosmetic change.
        (JSC::MacroAssemblerSH4::branchAdd32): Store result value before branch.

2013-04-24  Patrick Gansterer  <paroga@webkit.org>

        [WIN] Remove pthread from Visual Studio files in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=114864

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops:
        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:

2013-04-24  Filip Pizlo  <fpizlo@apple.com>

        DFG should keep the operand to create_this alive if it's emitting code for create_this
        https://bugs.webkit.org/show_bug.cgi?id=115133

        Reviewed by Mark Hahnenberg.
        
        The DFG must model bytecode liveness, or else OSR exit is going to have a really bad time.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):

2013-04-24  Roger Fong  <roger_fong@apple.com>

        Have VS2010 WebKit solution look in WebKit_Libraries/lib32 for dependencies.

        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:

2013-04-24  Geoffrey Garen  <ggaren@apple.com>

        32-bit build fix.

        Unreviewed.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): Explicitly
        truncate to 32-bit to avoid compiler warnings. It's safe to truncate
        because the payload of a boolean is the low bits on both 64-bit and 32-bit.

2013-04-23  Geoffrey Garen  <ggaren@apple.com>

        Filled out more cases of branch folding in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=115088

        Reviewed by Oliver Hunt.

        No change on the benchmarks we track, but a 3X speedup on a
        microbenchmark that uses these techniques.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock): (!/=)= and (!/=)== can constant
        fold all types, not just numbers, because true constants have no
        side effects when type-converted at runtime.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateBoolean): Added support for fixing up
        boolean uses, like we do for other types like number.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        (JSC::DFG::SpeculativeJIT::compileBooleanCompare): Peephole fuse
        boolean compare and/or compare-branch, now that we have the types for
        them.

        * dfg/DFGSpeculativeJIT.h: Updated declarations.

== Rolled over to ChangeLog-2013-04-24 ==
